Order's status ("pending") is not acceptable for finalization
Experimenting with bacme, I kept running into this error:
#### Finalizing order ...
ERROR: API request error
ERROR: Request URL: https://acme-staging-v02.api.letsencrypt.org/acme/finalize/12448610/75320825
ERROR: HTTP status: 403
ERROR: HTTP/2 403
server: nginx
date: Fri, 14 Feb 2020 13:22:06 GMT
content-type: application/problem+json
content-length: 152
boulder-requester: 12448610
cache-control: public, max-age=0, no-cache
link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 00011TFIzoYe8bqcK28h0wo4J8-tC_K0JrokeEwSxlJ3S_Q
{
"type": "urn:ietf:params:acme:error:orderNotReady",
"detail": "Order's status (\"pending\") is not acceptable for finalization",
"status": 403
}
access.log
18.224.20.83 - - [14/Feb/2020:14:22:00 +0100] "GET /.well-known/acme-challenge/AXkGilI9X22RUvud2UqqPCZTWjVX8PIMv_BoGPocIJI HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
52.58.118.98 - - [14/Feb/2020:14:22:04 +0100] "GET /.well-known/acme-challenge/AXkGilI9X22RUvud2UqqPCZTWjVX8PIMv_BoGPocIJI HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
18.224.20.83 - - [14/Feb/2020:14:22:04 +0100] "GET /.well-known/acme-challenge/Utyl5chX3-8sclyb2Nn22xAyqIf9wId63lACJ3qA1ss HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
52.58.118.98 - - [14/Feb/2020:14:22:05 +0100] "GET /.well-known/acme-challenge/Utyl5chX3-8sclyb2Nn22xAyqIf9wId63lACJ3qA1ss HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
34.211.60.134 - - [14/Feb/2020:14:22:06 +0100] "GET /.well-known/acme-challenge/Utyl5chX3-8sclyb2Nn22xAyqIf9wId63lACJ3qA1ss HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
34.211.60.134 - - [14/Feb/2020:14:22:06 +0100] "GET /.well-known/acme-challenge/AXkGilI9X22RUvud2UqqPCZTWjVX8PIMv_BoGPocIJI HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
66.133.109.36 - - [14/Feb/2020:14:22:06 +0100] "GET /.well-known/acme-challenge/Utyl5chX3-8sclyb2Nn22xAyqIf9wId63lACJ3qA1ss HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
66.133.109.36 - - [14/Feb/2020:14:22:06 +0100] "GET /.well-known/acme-challenge/AXkGilI9X22RUvud2UqqPCZTWjVX8PIMv_BoGPocIJI HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
52.58.118.98 - - [14/Feb/2020:14:22:07 +0100] "GET /.well-known/acme-challenge/Kt_9w1ydH-_INekYNLtoU_hpoKbyu3vZ1zvdyP6x5rY HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
18.224.20.83 - - [14/Feb/2020:14:22:07 +0100] "GET /.well-known/acme-challenge/Kt_9w1ydH-_INekYNLtoU_hpoKbyu3vZ1zvdyP6x5rY HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
34.211.60.134 - - [14/Feb/2020:14:22:07 +0100] "GET /.well-known/acme-challenge/Kt_9w1ydH-_INekYNLtoU_hpoKbyu3vZ1zvdyP6x5rY HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
66.133.109.36 - - [14/Feb/2020:14:22:07 +0100] "GET /.well-known/acme-challenge/Kt_9w1ydH-_INekYNLtoU_hpoKbyu3vZ1zvdyP6x5rY HTTP/1.1" 200 88 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
I have only very superficial understanding of the acme challenge protocol.
The timestamp in the error message was :22:06
while the last entry in access.log was :22:07
, so I increased the hardcoded sleep 5
delay a bit and that fixed it for me.