Some orders fails, but I can't know why


#1

Hi all,
my self-made client (v2) is running correctly for months until last days of september. From 29 september I’ve a lot of fail orders each night.
At 5 october I’ve splitted the orders in chunk of 100 per hour.
This seems to fix, until tonight when 4 orders are failed.

My question is: how can I check why are failed? I don’t find any information in LE responses.
example:
order 109384866, I’m asking cert for *.cirilloricambi.it and cirilloricambi.it
I’ve inserted two txt records in dns, then I do two auth. This is the response of one:
[header] => HTTP/1.1 100 Continue
Expires: Thu, 11 Oct 2018 00:02:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 222
Boulder-Requester: 6566700
[…]
[body] => Array
(
[type] => dns-01
[status] => pending
[…]

Now my client check the order status each minute:
first minute:
[id] => 109384866
[status] => pending
second one:
[id] => 109384866
[status] => invalid
[…]
… and no more info.
After I got this invalid order, how can I know why is invalid???
Dns timeout? Dns records wrong? Missing dns records? too many pending auth?

Any help is really appreciated.


#2

Look at the URLs in the authorizations array of the order.


#3

So simply… U_U Many thanks!

“error”: {
“type”: “urn:ietf:params:acme:error:dns”,
“detail”: “DNS problem: query timed out looking up TXT for _acme-challenge.cirilloricambi.it”,
“status”: 400
},

So, from this, the client must retry with a brand new order, right?

Thanks for help, I think I can fix it finally.


#4

Hi @f4810

if the status of the order / authorization is invalid, yes. You have to start new.

Looks like your dns provider has a problem, if the other errors same.

Perhaps inlude something like a “sleep two minutes after setting the dns entry”.


#5

Ok. I will do.
Thanks for hint.

My provider is myself :slight_smile: . We will investigate for this, we’ve not noticed any timeout first…
Thanks


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.