[Staging] 400 response during DNS challenge

avizov · July 12, 2022, 9:07am

Hi,

We are using cert-manager in k8s to perform ACME DNS challenge flow with Let's encrypt staging (https://acme-staging-v02.api.letsencrypt.org/directory) and we have noticed a failure since last night with the following error:

cert-manager/controller/challenges/acceptChallenge "msg"="error accepting challenge" "error"="400 urn:ietf:params:acme:error:malformed: Unable to update challenge :: authorization must be pending"

The ACME challenge is successful when switching to the productive server (https://acme-v02.api.letsencrypt.org/directory).

We have seen similar issue a few months ago, and the time there was a staging issue. (see [Staging] Record exists but query timing out looking up TXT record)

Is there any known issue with the staging Let's encrypt server at the moment?

Thanks,
Alex

My domain is:
multiple domain names

I ran this command:
n/a (using cert-manager)

It produced this output:
cert-manager/controller/challenges/acceptChallenge "msg"="error accepting challenge" "error"="400 urn:ietf:params:acme:error:malformed: Unable to update challenge :: authorization must be pending"

My web server is (include version):
https://acme-staging-v02.api.letsencrypt.org/directory

griffin · July 12, 2022, 1:31pm

@lestaff staging failures seem to be occurring everywhere right now #5

tj-higgins · July 12, 2022, 2:29pm

Is there a status page for staging? Was baffled as to why our tests started randomly failing until I saw this post.

mcpherrinm · July 12, 2022, 2:34pm

It's the same status page, but we generally don't wake SREs for staging. We are starting investigations now (it seems something's gone wrong with auto-scaling...)

MikeMcQ · July 12, 2022, 2:43pm

But can't the status page at least reflect this? It currently says staging is fully operational.

mcpherrinm · July 12, 2022, 2:44pm

Yes, I just finished putting an incident up: https://letsencrypt.status.io/

mcpherrinm · July 12, 2022, 3:53pm

I think I fixed it! Please let me know if problems are persisting.

Osiris · July 12, 2022, 4:16pm

Hire an European SRE! Or perhaps even better, an Aussie?

avizov · July 12, 2022, 4:31pm

I think it finally works now. Thank you very much!!!

system · August 11, 2022, 4:32pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
HTTP Challenge with Staging Server Doesn't Pass Help	2	1207	June 22, 2017
HTTP 01 challenges Help	9	1370	March 16, 2022
Have been getting a pending and then invalid status from lets encrypt while trying to complete a dns-01 challenge after manually adding TXT record and confirming propagation Help	3	661	September 24, 2023
ACME Challenge state won't change after POST to authorization challenge url Help	12	1285	March 31, 2022
[Staging] 405 malformed error Help	16	801	August 11, 2022

[Staging] 400 response during DNS challenge

Related Topics