I’ve noticed a peculiar problem with some cert orders that seems like it might be a Boulder/LE issue rather than a problem with our client.
I created an order and started doing its authzs’ HTTP challenges. Two of the challenges (https://acme-v02.api.letsencrypt.org/acme/chall-v3/3416094598/mJS7tg and https://acme-v02.api.letsencrypt.org/acme/chall-v3/3416094600/-lCigg) remained “pending” after 30 seconds, so my client gives up on HTTP and switches to DNS (i.e., creates a new order with the same set of certificates).
Our DNS challenge logic, though, failed because the authz was valid at that point, and so there was no DNS challenge in the authz object.
I can (and will) update our DNS challenge logic. There’s definitely a race condition built into our workflow; it just seems a bit funny that it would happen for two domains at the same time.
Are you guys able to look at logs and see what may have happened here? Was there a pending status being given to some authz polls that should have given back
I’m wondering if those initial order’s authzs were ever valid, and somehow only the new order’s authzs reflected a successful challenge.
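One way a client can tolerate the race described in the post, as an added example that is not part of the original post or of any particular client's code: check each authorization's status before looking for a dns-01 challenge, and treat an authz that is already valid as finished. The function names, authorization objects and URLs are constructed for illustration; the field names and status values follow RFC 8555.

```python
# Added example; the sample authz objects are constructed, not real server output.
from typing import Optional


class AuthzError(Exception):
    """The authorization cannot be completed with the requested challenge type."""


def plan_authz(authz: dict, wanted_type: str) -> Optional[dict]:
    """Return the challenge to respond to, or None if the authz is already valid."""
    status = authz.get("status")
    name = authz.get("identifier", {}).get("value", "?")
    if status == "valid":
        # A new order can be handed an authz that became valid after the first
        # order's polling gave up; there is nothing left to solve for this name.
        return None
    if status != "pending":
        # invalid, deactivated, expired and revoked are final states.
        raise AuthzError(f"{name}: authz is {status!r}, a new order is required")
    for chall in authz.get("challenges", []):
        if chall.get("type") == wanted_type and chall.get("status") == "pending":
            return chall
    raise AuthzError(f"{name}: no pending {wanted_type} challenge offered")


def plan_order(authzs: list, wanted_type: str) -> dict:
    """Split an order's authzs into names still to solve and names already valid."""
    solve, already_valid = [], []
    for authz in authzs:
        name = authz["identifier"]["value"]
        chall = plan_authz(authz, wanted_type)
        if chall is None:
            already_valid.append(name)
        else:
            solve.append((name, chall["url"]))
    return {"solve": solve, "already_valid": already_valid}


# Constructed sample: the second order sees one reused valid authz and one pending.
SAMPLE_AUTHZS = [
    {"status": "valid", "identifier": {"type": "dns", "value": "a.example.com"},
     "challenges": [{"type": "http-01", "status": "valid",
                     "url": "https://acme.example/chall/1"}]},
    {"status": "pending", "identifier": {"type": "dns", "value": "b.example.com"},
     "challenges": [{"type": "http-01", "status": "pending",
                     "url": "https://acme.example/chall/2"},
                    {"type": "dns-01", "status": "pending",
                     "url": "https://acme.example/chall/3"}]},
]
```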