Error: Let's Encrypt validation status 400 (domain). Details: Unable to update challenge :: authorization must be pending

Al2333 · July 15, 2021, 8:59am

Hello all!
Please help Me!
10 VPS on Hestia 1.4.5 work fine, today after updating put the new Hestia 1.4.6 and it can not get a certificate LE.

nginx -t - all OK!

DNS Records - all OK!

_acme-challe… TXT 14400 GmLokAJLEcU-FvbgHBmKOZLQgABDTCamyqGrsozL9CM

A 14400 IP HERE
…
and all more - ok.

LE Log:
==[Step 1]==
- status: 200
- nonce: 0001J6U-Y_DdVObT8FD-LXr1Jt-Hvh7RZu5eBK645Uci74Q
- answer: HTTP/2 200 
server: nginx
date: Thu, 15 Jul 2021 08:07:45 GMT
content-type: application/json
content-length: 658
cache-control: public, max-age=0, no-cache
replay-nonce: 0001J6U-Y_DdVObT8FD-LXr1Jt-Hvh7RZu5eBK645Uci74Q
x-frame-options: DENY
strict-transport-security: max-age=604800



==[API call]==
exit status: 0


==[Step 2]==
- status: 201
- nonce: 0001m5izNdL7FtePoByXMM74TrkJMd_fE5QlwNVg4lnqVs4
- authz: https://acme-v02.api.letsencrypt.org/acme/authz-v3/14830204896
https://acme-v02.api.letsencrypt.org/acme/authz-v3/14830360859
- finalize: https://acme-v02.api.letsencrypt.org/acme/finalize/130657108/11089594591
- payload: {"identifiers":[{"type":"dns","value":"*.my_domain"},{"type":"dns","value":"my_domain"}]}
- answer: HTTP/2 201 
server: nginx
date: Thu, 15 Jul 2021 08:07:46 GMT
content-type: application/json
content-length: 467
boulder-requester: 130657108
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/130657108/11089594591
replay-nonce: 0001m5izNdL7FtePoByXMM74TrkJMd_fE5QlwNVg4lnqVs4
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "status": "pending",
  "expires": "2021-07-22T08:00:47Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.my_domain"
    },
    {
      "type": "dns",
      "value": "my_domain"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/14830204896",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/14830360859"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/130657108/11089594591"
}


==[API call]==
exit status: 0


==[Step 3]==
- status: 200
- nonce: 0101YwqBPCUI9GfRJrs2_GTr-iPeJbQtcrTwQqIKg1QR55o
- url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/14830204896/ILmP-g
- token: aeMk6wsVRS2v1Hmbd3gaTT5rTGQNHz1bVbqZANN4ZFg
- answer: HTTP/2 200 
server: nginx
date: Thu, 15 Jul 2021 08:07:46 GMT
content-type: application/json
content-length: 383
boulder-requester: 130657108
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0101YwqBPCUI9GfRJrs2_GTr-iPeJbQtcrTwQqIKg1QR55o
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "my_domain"
  },
  "status": "pending",
  "expires": "2021-07-22T08:00:47Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14830204896/ILmP-g",
      "token": "aeMk6wsVRS2v1Hmbd3gaTT5rTGQNHz1bVbqZANN4ZFg"
    }
  ],
  "wildcard": true
}


==[API call]==
exit status: 0


==[Step 5]==
- status: 200
- nonce: 0101uyraBfrpeRV-0ntVazWyYi_UeiomNVtSPT2RwcOxSbE
- validation: pending
- details: 
- answer: HTTP/2 200 
server: nginx
date: Thu, 15 Jul 2021 08:07:54 GMT
content-type: application/json
content-length: 185
boulder-requester: 130657108
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/14830204896>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/14830204896/ILmP-g
replay-nonce: 0101uyraBfrpeRV-0ntVazWyYi_UeiomNVtSPT2RwcOxSbE
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14830204896/ILmP-g",
  "token": "aeMk6wsVRS2v1Hmbd3gaTT5rTGQNHz1bVbqZANN4ZFg"
}


==[API call]==
exit status: 0


==[Step 5]==
- status: 400
- nonce: 0002SnVmVY-Hm0mK243toF0Oa7yb2DjEPF9O1omIHT8do9U
- validation: 
- details: Unable to update challenge :: authorization must be pending
- answer: HTTP/2 400 
server: nginx
date: Thu, 15 Jul 2021 08:07:59 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 130657108
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 0002SnVmVY-Hm0mK243toF0Oa7yb2DjEPF9O1omIHT8do9U

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to update challenge :: authorization must be pending",
  "status": 400
}


==[Abort Step 5]==
=> Wrong status

eris · July 15, 2021, 8:59am

Working on a patch