Unable to update challenge :: authorization must be pending #285
Comments
Hi, you don't need to keep calling Validate on the challenge (just do it once), instead you need to poll the status of the challenge (or the whole order):
Regarding switching from staging to the production API, they are different systems so you need a new AccountKey for the real API, e.g. a new account registration and saved key file. Note also that CsrInfo only needs CommonName set, it's technically invalid to supply the other values because Let's Encrypt can't validate them.
Thanks a lot for your help, I gave a try to your code, polling dnsChallenge.Resource() every 4 seconds, but it stays "Pending" indefinitely, with the ACME challenge txt record set correctly in the DNS ... The code I used is :
Are you still calling
Well, in fact if I fire
Yes, so you need to ensure DNS records are replicated to your nameservers before you attempt
@sierramike Example code:

```csharp
var result = await lookup.QueryAsync(dnsChallenge.Record, QueryType.TXT);
var txtRecord = result.Answers.TxtRecords().FirstOrDefault();
var text = txtRecord?.Text.FirstOrDefault();
```

And once the correct TXT value is returned, I continue with Validate and the next steps.
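The sequence the comments above describe (confirm the TXT record is visible, call Validate once, then poll the authorization instead of the challenge) can be put together as follows. This is an added example, not code from the Certes project or from any commenter; the helper name `CompleteAsync`, the retry counts and the 15-second DNS interval are assumptions, and `lookup` is a DnsClient `ILookupClient` that the caller should point at the zone's own nameservers.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Certes;
using Certes.Acme;
using Certes.Acme.Resource;
using DnsClient;

public static class Dns01Flow
{
    // Hypothetical helper: completes ONE authorization through dns-01.
    public static async Task<AuthorizationStatus?> CompleteAsync(
        AcmeContext acme, IAuthorizationContext authz, ILookupClient lookup)
    {
        var authzRes = await authz.Resource();
        // Pick the dns-01 challenge explicitly; http-01 is never triggered here.
        var challenge = await authz.Dns()
            ?? throw new InvalidOperationException("no dns-01 challenge offered");
        var expected = acme.AccountKey.DnsTxt(challenge.Token);
        // For wildcard orders the identifier holds the base domain (no "*.").
        var recordName = $"_acme-challenge.{authzRes.Identifier.Value}";

        // 1. Wait until the expected TXT value is actually resolvable.
        var visible = false;
        for (var i = 0; i < 40 && !visible; i++)          // about 10 minutes
        {
            var result = await lookup.QueryAsync(recordName, QueryType.TXT);
            visible = result.Answers.TxtRecords()
                .SelectMany(r => r.Text).Contains(expected);
            if (!visible) await Task.Delay(TimeSpan.FromSeconds(15));
        }
        if (!visible)
            throw new TimeoutException($"TXT for {recordName} not visible yet");

        // 2. Ask the CA to validate exactly once. A second call after the
        //    authorization has left "pending" produces the
        //    "authorization must be pending" error from this issue.
        await challenge.Validate();

        // 3. Poll the authorization (read-only) until it leaves "pending".
        for (var i = 0; i < 30; i++)                       // about 2 minutes
        {
            var status = (await authz.Resource()).Status;
            if (status != AuthorizationStatus.Pending) return status;
            await Task.Delay(TimeSpan.FromSeconds(4));
        }
        return AuthorizationStatus.Pending;
    }
}
```

A result of `Invalid` means the authorization is finished and cannot be retried; a new order is needed to obtain fresh challenges.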
Hi, I abandoned this script, but now that shieldsigned has closed I need to automate this myself, so I'm coming back to it. I started testing again, and here is where I'm stuck:
I went to the order URI (https://acme-v02.api.letsencrypt.org/acme/order/xxxxxxxxxxxxx/xxxxxxxxxxxxx), which returns JSON data containing a list of authorization URLs, one for each domain; the addresses look like "https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxxxxxxxxxx".
But for non-wildcard domains I get:
It seems as if LE is waiting for http-01 validation and is not checking the dns-01 validation. If I force validation by calling the
Which seems as if it only checks for http-01 validation. How is it possible to force dns-01 validation?
Hello,
I'm trying to find out what I'm doing wrong.
I wrote the following simple code based on the base documentation of this library, and started testing (using the WellKnownServers.LetsEncryptStagingV2 which is returned by a property I called "Server").
This code runs correctly until the DNS challenge key which is returned correctly.
I manually add the challenge key to the DNS, then press my key so it tries to Validate().
The validation returns "Pending", then waits 10 seconds, then throws an exception (on the next Validate()):
AcmeRequestException : Fail to load resource from 'https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2031491498/M1rHWg'.
urn:ietf:params:acme:error:malformed: Unable to update challenge :: authorization must be pending
The fact is, I first tried to develop more complex code and placed multiple values in the order: mydomain.fr, myotherdomain.com, *.mydomain.fr, *.myotherdomain.com to have SANs in the cert, and got the exact same issue: the first pass on Validate returns an object with "Pending" status, but the next pass throws this exception.
I suspected an issue with my DNS, but I tried with the "www.shieldsigned.com" website, which I was using until now for my certs, and managed to successfully generate the certificate after putting the 4 _acme-challenge values in the domains' DNS. So it does not seem related to the DNS configuration.
Can anyone help and tell me what's wrong with my code? Thanks a lot.
(btw, I tried to switch to LetsEncryptV2 instead of staging, but then it failed immediately when trying to place the order, complaining about not authorized action ... but that's another issue it seems ... would like to have it work on the staging environment first ...)