Error while renewing SSL certificate from Let's Encrypt (Error: Let's Encrypt finalize bad status 403)

I am trying to renew the SSL certificate from the web interface but am getting this error. Renewal was happening successfully before, but this time it does not renew. I tried to reissue the certificate from the web interface but am getting this error (Error: Let’s Encrypt finalize bad status 403)

Relevant Log
==[Step 6]==

  • status: 403
  • nonce: QYxeyab80QWp2bmO3am_7kVb8vJtHVDUcEEg3fRWo45Q45NaMIM
  • payload: {“csr”:“…”}
  • certificate:
  • answer: HTTP/2 403
    server: nginx
    date: Mon, 05 Aug 2024 07:41:57 GMT
    content-type: application/problem+json
    content-length: 152
    boulder-requester: 1404005416
    cache-control: public, max-age=0, no-cache
    link: <acme-v02.api.letsencrypt.org/directory>;rel=“index”
    replay-nonce: QYxeyab80QWp2bmO3am_7kVb8vJtHVDUcEEg3fRWo45Q45NaMIM

{
“type”: “urn:ietf:params:acme:error:orderNotReady”,
“detail”: “Order’s status ("invalid") is not acceptable for finalization”,
“status”: 403
}

Please share more of the logs…


Additional log (I have stripped out full URLs as it seems new members aren’t allowed to post more than 2 URLs)
==[Step 3]==

  • status: 200
  • nonce: VbHcGKwnKVkZIJmTxV4hj9Ch0dxAemrbO6jScHN3n0v-9MghrxA
  • url: /acme/chall-v3/386297294397/cm9qpA
  • token: MWwFSK5wENG8-2Q3YA03AEcBLKcox6lve-aJjEQjRSA
  • answer: HTTP/2 200
    server: nginx
    date: Mon, 05 Aug 2024 07:41:45 GMT
    content-type: application/json
    content-length: 802
    boulder-requester: 1404005416
    cache-control: public, max-age=0, no-cache
    link: ;rel=“index”
    replay-nonce: VbHcGKwnKVkZIJmTxV4hj9Ch0dxAemrbO6jScHN3n0v-9MghrxA
    x-frame-options: DENY
    strict-transport-security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “domain.com
},
“status”: “pending”,
“expires”: “2024-08-12T07:41:45Z”,
“challenges”: [
{
“type”: “http-01”,
“url”: “/acme/chall-v3/386297294397/cm9qpA”,
“status”: “pending”,
“token”: “MWwFSK5wENG8-2Q3YA03AEcBLKcox6lve-aJjEQjRSA”
},
{
“type”: “dns-01”,
“url”: “/acme/chall-v3/386297294397/9PcDuQ”,
“status”: “pending”,
“token”: “MWwFSK5wENG8-2Q3YA03AEcBLKcox6lve-aJjEQjRSA”
},
{
“type”: “tls-alpn-01”,
“url”: “/acme/chall-v3/386297294397/OBUEhg”,
“status”: “pending”,
“token”: “MWwFSK5wENG8-2Q3YA03AEcBLKcox6lve-aJjEQjRSA”
}
]
}

==[Step 5]==

  • status: 200
  • url: -
  • nonce: Cb9-D9qJwZEkE7b_3kjB1VK5C1DZm9Uo8BJ6tmJ8s41Ew0FFouw
  • validation: /acme/chall-v3/386297294397/cm9qpA
  • details:
  • answer: HTTP/2 200
    server: nginx
    date: Mon, 05 Aug 2024 07:41:51 GMT
    content-type: application/json
    content-length: 187
    boulder-requester: 1404005416
    cache-control: public, max-age=0, no-cache
    link: ;rel=“index”
    link: </acme/authz-v3/386297294397>;rel=“up”
    location: /acme/chall-v3/386297294397/cm9qpA
    replay-nonce: Cb9-D9qJwZEkE7b_3kjB1VK5C1DZm9Uo8BJ6tmJ8s41Ew0FFouw
    x-frame-options: DENY
    strict-transport-security: max-age=604800

{
“type”: “http-01”,
“url”: “/acme/chall-v3/386297294397/cm9qpA”,
“status”: “pending”,
“token”: “MWwFSK5wENG8-2Q3YA03AEcBLKcox6lve-aJjEQjRSA”
}

Finally the issue is fixed. There was a domain forwarding record added on the domain registrar's site from www.domain.com to https://domain.com. I had also set up an alias in the Hestia panel. This resulted in some sort of conflict, and it was unable to renew the SSL certificate.
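
An added example, not part of the thread or of Hestia's code: the 403 in Step 6 says the order was already "invalid", so the useful information is in the order's authorization objects, which name the identifier and challenge that failed. The sketch below reads those objects using the RFC 8555 field names; the sample order, the example.com names and the error detail are constructed for illustration.

```python
# Added example: explain why an ACME order cannot be finalized (RFC 8555 states).
# All sample objects below are constructed, not taken from the thread's logs.

def diagnose_order(order, authzs):
    """Return (can_finalize, findings) for an order and its authorization objects."""
    findings = []
    for authz in authzs:
        name = authz["identifier"]["value"]
        if authz["status"] == "valid":
            continue
        failed = [c for c in authz.get("challenges", []) if c.get("status") == "invalid"]
        for c in failed:
            err = c.get("error", {})
            findings.append(f"{name}: {c['type']} invalid: "
                            f"{err.get('type', 'no error type')}: {err.get('detail', '')}")
        if not failed:
            # Nothing has failed yet; the client should poll before finalizing.
            findings.append(f"{name}: authorization is {authz['status']}, keep polling")
    # The server accepts finalize only while the order is "ready".
    return order["status"] == "ready", findings

# Constructed sample: the apex name validated, the alias did not.
SAMPLE_ORDER = {"status": "invalid"}
SAMPLE_AUTHZS = [
    {"identifier": {"type": "dns", "value": "example.com"}, "status": "valid",
     "challenges": [{"type": "http-01", "status": "valid"}]},
    {"identifier": {"type": "dns", "value": "www.example.com"}, "status": "invalid",
     "challenges": [{"type": "http-01", "status": "invalid",
                     "error": {"type": "urn:ietf:params:acme:error:unauthorized",
                               "detail": "constructed detail: wrong response body"}}]},
]

if __name__ == "__main__":
    ok, findings = diagnose_order(SAMPLE_ORDER, SAMPLE_AUTHZS)
    print("finalize allowed:", ok)
    for line in findings:
        print(" -", line)
```

Each finding names one identifier on the certificate, so a name that is forwarded elsewhere shows up by itself instead of as a generic finalize error.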
