We got the following error messages frequently for part of domains in these days:
get certificates finalize order:acme: error code 403 “urn:ietf:params:acme:error:orderNotReady” Order’s status (“valid”) is not acceptable for finalization
Any ideas what is cause the certificates fail to finalize ?
valid means that the order has already been finalized and certificate issued.
Order objects are created in the "pending" state. Once all of the
authorizations listed in the order object are in the "valid" state,
the order transitions to the "ready" state. The order moves to the
"processing" state after the client submits a request to the order's
"finalize" URL and the CA begins the issuance process for the
certificate. Once the certificate is issued, the order enters the
"valid" state. If an error occurs at any of these stages, the order
moves to the "invalid" state. The order also moves to the "invalid"
state if it expires or one of its authorizations enters a final state
other than "valid" ("expired", "revoked", or "deactivated").
Can you comment on what ACME client you are using? It sounds perhaps like the client is POSTing the finalization call, and then failing to properly handle or persist the response, causing it to later retry in a futile fashion.