Validation for CN: uat1.carrefouruae.com stuck

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: uat1.carrefouruae.com

INFO com.akamai.cps.businesscase.BusinessCaseServiceImpl - Not sending duplicate message CA_ORDER_ERROR, E: Order’s status (“invalid”) is not acceptable for finalization, W:null for Job JobID(id=1001856).

LeErrorReport(statusCode=403, type=urn:ietf:params:acme:error:orderNotReady, detail=Order’s status (“invalid”) is not acceptable for finalization)

Appreciate Urgent reply on this. Customer needs clarity on why is this happening and how to fix it.

Hi @droy

that’s expected, your name servers are completely buggy - https://check-your-website.server-daten.de/?q=uat1.carrefouruae.com

X Fatal error: Nameserver doesn’t support TCP connection: keu.carrefour.com / 213.137.173.17: Timeout
X Fatal error: Nameserver doesn’t support TCP connection: keu.carrefour.com / 2a00:2000:4701:d::1: Timeout
X Fatal error: Nameserver doesn’t support TCP connection: ns1.eu.rrpproxy.net / 94.23.167.207: Refused
X Fatal error: Nameserver doesn’t support TCP connection: ns1.eu.rrpproxy.net / 2001:41d0:c:388:94:23:167:207: Refused

And

X Nameserver Timeout checking Echo Capitalization: keu.carrefour.com / 213.137.173.17
X Nameserver Timeout checking Echo Capitalization: keu.carrefour.com / 2a00:2000:4701:d::1
X Nameserver Timeout checking EDNS512: keu.carrefour.com / 213.137.173.17
X Nameserver Timeout checking EDNS512: keu.carrefour.com / 2a00:2000:4701:d::1

Authoritative name servers must support TCP connections. And the Echo Capitalization check must work, that’s a fatal error -> Unbound reports a Servfail.

Please update your name servers or change your dns provider.

2 Likes

:wave: @cabouadi,

When an order is invalid it means one of the order authorization’s failed a domain validation challenge. Your system should retrieve each of the authorizations associated with the order and display the problem details to the user directly. That would help clarify why this is happening and how to fix it and is something you could implement entirely on your end.

Good luck!