Order stuck in ready state

I have an order that has been stuck in the ready state for a few days now.
https://acme-v02.api.letsencrypt.org/acme/order/78812746/2513279299

Normally, certificates transition to the valid state quickly. I’m assuming I’ve been rate limited somehow, but I can’t figure out which rate limit I might have exceeded to cause this. I got the number of order increased from 300 per 3 hrs to 3000, but that didn’t seem to help.

Any help would be very much appreciated even if it just points me in the right direction!

My domain is peakirving.com

I’m using cert-manager which had been working perfectly until I requested 800 domains at once.

Hi @jes

if the order is ready, you have to do the next step: Use the finalize url and upload your CSR.

2 Likes

Sorry I should have mentioned that I already did that. Or cert manager did anyway. Could there be any other reason it’s stuck in ready?

And the result? Then you should be able to download the certificate.

It just stays in the ready state and never transitions to valid. There’s no certificate for me to download until it transitions to valid I think? Could this be a result of a rate limit of some kind?

The order’s object state transition from the ready to the valid happens when you submit the CSR to the finalize URL of the order object. Have you already done that?

1 Like

I have. Does it transition to valid as soon as the csr is submitted, or only after letsencrypt is done processing the csr and issued the certificate?

Is there some way to prove or verify that the csr has indeed been sent?

One certificate with 800 domain names?

Max. 100 domain names are allowed.

Looks like you are doing something wrong.

Checking your domain - https://check-your-website.server-daten.de/?q=peakirving.com

There are two new certificates:

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2020-03-06 2020-06-04 www.peakirving.com - 1 entries duplicate nr. 1
Let’s Encrypt Authority X3 2020-03-06 2020-06-04 peakirving.com - 1 entries duplicate nr. 1

Both are used, both are 89 days valid.

Why do you want to create a new certificate?

If you have created a certificate yesterday, the challenge isn’t checked again. Valid challenges are 30 days cached.

The order object might not immediately transition to valid state after submitting the csr. It may transition to processing state, but eventually it will end up in valid. You may regularly check its state via polling the order object. Check page 33:
https://tools.ietf.org/html/rfc8555#section-7.1.6