Error: Let's Encrypt validation status 400 (mail.iddsebring.com)

Unable to generate SSL for mail domain mail.iddsebring.c0m
The domain is under CloudFlare but mail.iddsebring.c0m and webmail.iddsebring.com has DNS Only.
For the main domain iddsebring.c0m i can generate SSL without problem also it under CloudFlare with Proxied mode.
Error: Let’s Encrypt validation status 400 (mail.iddsebring.c0m). Details: Unable to update challenge :: authorization must be pending

=============================

Date Time: 2021-08-11 17:19:18

WEB_SYSTEM: apache2

PROXY_SYSTEM: nginx

user: vesta

domain: mail.iddsebring.c0m

  • aliases: webmail.iddsebring.c0m

  • proto: http-01

  • wildcard:

==[Step 1]==

  • status: 200

  • nonce: 0001c5XgIccJ9yugDs5CF1jpw6bi1LfUuJS0aD0UrwcYrWc

  • answer: HTTP/2 200

server: nginx

date: Wed, 11 Aug 2021 21:19:19 GMT

content-type: application/json

content-length: 658

cache-control: public, max-age=0, no-cache

replay-nonce: 0001c5XgIccJ9yugDs5CF1jpw6bi1LfUuJS0aD0UrwcYrWc

x-frame-options: DENY

strict-transport-security: max-age=604800

==[API call]==

exit status: 0

==[Step 2]==

  • status: 201

  • nonce: 00014Upd51Ts3e-6nc_yvxzmIs2oz8ilQdsJDPxAnEOgN6M

  • authz: acme-v02.api.letsencrypt.0rg/acme/authz-v3/20993204590

acme-v02.api.letsencrypt.0rg/acme/authz-v3/21014819020

  • finalize: acme-v02.api.letsencrypt.0rg/acme/finalize/78214423/16214141530

  • payload: {“identifiers”:[{“type”:“dns”,“value”:“mail.iddsebring.c0m”},{“type”:“dns”,“value”:“webmail.iddsebring.c0m”}]}

  • answer: HTTP/2 201

server: nginx

date: Wed, 11 Aug 2021 21:19:20 GMT

content-type: application/json

content-length: 485

boulder-requester: 78214423

cache-control: public, max-age=0, no-cache

link: <acme-v02.api.letsencrypt.0rg/directory>;rel=“index”

location: acme-v02.api.letsencrypt.0rg/acme/order/78214423/16214141530

replay-nonce: 00014Upd51Ts3e-6nc_yvxzmIs2oz8ilQdsJDPxAnEOgN6M

x-frame-options: DENY

strict-transport-security: max-age=604800

{

“status”: “pending”,

“expires”: “2021-08-18T19:23:42Z”,

“identifiers”: [

{

“type”: “dns”,

“value”: “mail.iddsebring.c0m”

},

{

“type”: “dns”,

“value”: “webmail.iddsebring.c0m”

}

],

“authorizations”: [

“acme-v02.api.letsencrypt.0rg/acme/authz-v3/20993204590”,

“acme-v02.api.letsencrypt.0rg/acme/authz-v3/21014819020”

],

“finalize”: “acme-v02.api.letsencrypt.0rg/acme/finalize/78214423/16214141530”

}

==[API call]==

exit status: 0

==[Step 3]==

  • status: 200

  • nonce: 0001hdM6X9JvWqK1xUXc77oq6Yp-tBvUiOGQsLXStm39aug

  • url: acme-v02.api.letsencrypt.0rg/acme/chall-v3/20993204590/ZRq9hA

  • token: BwPCu_ttVvpTNpV1UXm7EimMG7H-FGROmIDBpjHZ1fU

  • answer: HTTP/2 200

server: nginx

date: Wed, 11 Aug 2021 21:19:20 GMT

content-type: application/json

content-length: 800

boulder-requester: 78214423

cache-control: public, max-age=0, no-cache

link: acme-v02.api.letsencrypt.0rg/directory>;rel=“index”

replay-nonce: 0001hdM6X9JvWqK1xUXc77oq6Yp-tBvUiOGQsLXStm39aug

x-frame-options: DENY

strict-transport-security: max-age=604800

{

“identifier”: {

“type”: “dns”,

“value”: “mail.iddsebring.c0m”

},

“status”: “pending”,

“expires”: “2021-08-18T19:23:42Z”,

“challenges”: [

{

“type”: “http-01”,

“status”: “pending”,

“url”: “acme-v02.api.letsencrypt.0rg/acme/chall-v3/20993204590/ZRq9hA”,

“token”: “BwPCu_ttVvpTNpV1UXm7EimMG7H-FGROmIDBpjHZ1fU”

},

{

“type”: “dns-01”,

“status”: “pending”,

“url”: “acme-v02.api.letsencrypt.0rg/acme/chall-v3/20993204590/TRGO4w”,

“token”: “BwPCu_ttVvpTNpV1UXm7EimMG7H-FGROmIDBpjHZ1fU”

},

{

“type”: “tls-alpn-01”,

“status”: “pending”,

“url”: “acme-v02.api.letsencrypt.0rg/acme/chall-v3/20993204590/-WZrHw”,

“token”: “BwPCu_ttVvpTNpV1UXm7EimMG7H-FGROmIDBpjHZ1fU”

}

]

}

==[API call]==

exit status: 0

==[Step 5]==

  • status: 200

  • nonce: 000109ZDDl5SJpWkcKfitdBevZhpKtwccPsLHxkha7dReTM

  • validation: pending

  • details:

  • answer: HTTP/2 200

server: nginx

date: Wed, 11 Aug 2021 21:19:27 GMT

content-type: application/json

content-length: 186

boulder-requester: 78214423

cache-control: public, max-age=0, no-cache

link: <acme-v02.api.letsencrypt.0rg/directory>;rel=“index”

link: <acme-v02.api.letsencrypt.0rg/acme/authz-v3/20993204590>;rel=“up”

location: acme-v02.api.letsencrypt.0rg/acme/chall-v3/20993204590/ZRq9hA

replay-nonce: 000109ZDDl5SJpWkcKfitdBevZhpKtwccPsLHxkha7dReTM

x-frame-options: DENY

strict-transport-security: max-age=604800

{

“type”: “http-01”,

“status”: “pending”,

“url”: “acme-v02.api.letsencrypt.0rg/acme/chall-v3/20993204590/ZRq9hA”,

“token”: “BwPCu_ttVvpTNpV1UXm7EimMG7H-FGROmIDBpjHZ1fU”

}

==[API call]==

exit status: 0

==[Step 5]==

  • status: 400

  • nonce: 0002pujMF-KPbBAueAS76ZUDiyVU8THb6vPaFI29g5WYKzU

  • validation:

  • details: Unable to update challenge :: authorization must be pending

  • answer: HTTP/2 400

server: nginx

date: Wed, 11 Aug 2021 21:19:31 GMT

content-type: application/problem+json

content-length: 144

boulder-requester: 78214423

cache-control: public, max-age=0, no-cache

link: <acme-v02.api.letsencrypt.0rg/directory>;rel=“index”

replay-nonce: 0002pujMF-KPbBAueAS76ZUDiyVU8THb6vPaFI29g5WYKzU

{

“type”: “urn:ietf:params:acme:error:malformed”,

“detail”: “Unable to update challenge :: authorization must be pending”,

“status”: 400

}

==[Abort Step 5]==

=> Wrong status

http://mail.iddsebring.com/.well-known/acme-challenge/BwPCu_ttVvpTNpV1UXm7EimMG7H-FGROmIDBpjHZ1fU

Is nginx reloading?

Fixed after reload nginx

Thanks