Let's Encrypt Error: Let's Encrypt finalize bad status 403 on every new domain, but users that already exist in the server are good

=============================
Date Time: 2024-09-25 04:12:02
WEB_SYSTEM: nginx
PROXY_SYSTEM:
user: shsg
domain: shsg.net

==[Step 1]==

  • status: 200
  • nonce: fCBw7MtQ3tqzvNmuyFs07hN7tgJXYL7RovAAIEnBsVpQ5sSh9cA
  • answer: HTTP/2 200
    server: nginx
    date: Wed, 25 Sep 2024 13:12:03 GMT
    content-type: application/json
    content-length: 746
    cache-control: public, max-age=0, no-cache
    replay-nonce: fCBw7MtQ3tqzvNmuyFs07hN7tgJXYL7RovAAIEnBsVpQ5sSh9cA
    x-frame-options: DENY
    strict-transport-security: max-age=604800

==[API call]==
exit status: 0

==[Step 2]==

{
  "status": "pending",
  "expires": "2024-10-02T13:12:03Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "shsg.net"
    },
    {
      "type": "dns",
      "value": "www.shsg.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/408241585636",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/408241585646"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1966277286/308226375576"
}
order: https://acme-v02.api.letsencrypt.org/acme/order/1966277286/308226375576

==[API call]==
exit status: 0

==[Step 3]==

  • status: 200
  • nonce: 0Nvv4YSt20qnbrnVPQRP4NaWPjKKFltKJMLUiGh59E-ECKVQTiw
  • url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/408241585636/1aFB-Q
  • token: WuyPIiL28JKfQIk0-ZBuM-dBHzBvVSjEk3Pubzj1pXk
  • answer: HTTP/2 200
    server: nginx
    date: Wed, 25 Sep 2024 13:12:03 GMT
    content-type: application/json
    content-length: 792
    boulder-requester: 1966277286
    cache-control: public, max-age=0, no-cache
    link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
    replay-nonce: 0Nvv4YSt20qnbrnVPQRP4NaWPjKKFltKJMLUiGh59E-ECKVQTiw
    x-frame-options: DENY
    strict-transport-security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "shsg.net"
  },
  "status": "pending",
  "expires": "2024-10-02T13:12:03Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/408241585636/lRiDaA",
      "status": "pending",
      "token": "WuyPIiL28JKfQIk0-ZBuM-dBHzBvVSjEk3Pubzj1pXk"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/408241585636/1aFB-Q",
      "status": "pending",
      "token": "WuyPIiL28JKfQIk0-ZBuM-dBHzBvVSjEk3Pubzj1pXk"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/408241585636/nWeeKg",
      "status": "pending",
      "token": "WuyPIiL28JKfQIk0-ZBuM-dBHzBvVSjEk3Pubzj1pXk"
    }
  ]
}

==[API call]==
exit status: 0

==[Step 5]==

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/408241585636/1aFB-Q",
  "status": "pending",
  "token": "WuyPIiL28JKfQIk0-ZBuM-dBHzBvVSjEk3Pubzj1pXk"
}

==[API call]==
exit status: 0

==[Step 3]==

  • status: 200
  • nonce: 0Nvv4YStm4HVQawiTk7qgokUou2G-b0xKx3cPHBVX57l03EHi0s
  • url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/408241585646/umH0Jg
  • token: bBZfCA6kRJPgwRGCPux8xAYQ3oQ8SOv7cPAG1PhBMT8
  • answer: HTTP/2 200
    server: nginx
    date: Wed, 25 Sep 2024 13:12:13 GMT
    content-type: application/json
    content-length: 796
    boulder-requester: 1966277286
    cache-control: public, max-age=0, no-cache
    link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
    replay-nonce: 0Nvv4YStm4HVQawiTk7qgokUou2G-b0xKx3cPHBVX57l03EHi0s
    x-frame-options: DENY
    strict-transport-security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.shsg.net"
  },
  "status": "pending",
  "expires": "2024-10-02T13:12:03Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/408241585646/9uHBzw",
      "status": "pending",
      "token": "bBZfCA6kRJPgwRGCPux8xAYQ3oQ8SOv7cPAG1PhBMT8"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/408241585646/5tVzqg",
      "status": "pending",
      "token": "bBZfCA6kRJPgwRGCPux8xAYQ3oQ8SOv7cPAG1PhBMT8"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/408241585646/umH0Jg",
      "status": "pending",
      "token": "bBZfCA6kRJPgwRGCPux8xAYQ3oQ8SOv7cPAG1PhBMT8"
    }
  ]
}

==[API call]==
exit status: 0

==[Step 5]==

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/408241585646/umH0Jg",
  "status": "pending",
  "token": "bBZfCA6kRJPgwRGCPux8xAYQ3oQ8SOv7cPAG1PhBMT8"
}

==[API call]==
exit status: 0

==[Step 6]==

  • status: 403
  • nonce: UAMvsxnwidMd9TDQQB6glwJ2iNGGpPe8xQRTpgSni9tBKFsTIsk
  • certificate:
  • answer: HTTP/2 403
    server: nginx
    date: Wed, 25 Sep 2024 13:12:24 GMT
    content-type: application/problem+json
    content-length: 152
    boulder-requester: 1966277286
    cache-control: public, max-age=0, no-cache
    link: https://acme-v02.api.letsencrypt.org/directory;rel="index"
    replay-nonce: UAMvsxnwidMd9TDQQB6glwJ2iNGGpPe8xQRTpgSni9tBKFsTIsk

{
  "type": "urn:ietf:params:acme:error:orderNotReady",
  "detail": "Order's status (\"invalid\") is not acceptable for finalization",
  "status": 403
}

This is my error in the log.

I’m using an Nginx server, no reverse proxy.

I noticed these issues when the number of users on the server increased. There are around 160 on the server, with around 200-ish websites running on the server.

1 Like
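
Added example, not part of the original post: the `orderNotReady` response in the log only reports that the order is already `invalid`; under RFC 8555 the reason is carried in the `error` member of the failed challenge inside each authorization object. The sketch below walks an order and its authorizations and lists what blocks finalization. The function name, the `example.test` URLs and the error detail are constructed for illustration.

```python
def finalize_blockers(order, authzs):
    """Return the reasons an ACME order cannot be finalized.

    order  -- parsed order object (as returned by the order URL)
    authzs -- dict: authorization URL -> parsed authorization object
    """
    reasons = []
    # RFC 8555: finalize is accepted only while the order status is "ready".
    if order["status"] != "ready":
        reasons.append(f"order status is {order['status']!r}, not 'ready'")
    for url in order["authorizations"]:
        authz = authzs.get(url)
        if authz is None:
            reasons.append(f"{url}: authorization not fetched")
            continue
        if authz["status"] == "valid":
            continue
        name = authz["identifier"]["value"]
        failed = [c for c in authz["challenges"] if c["status"] == "invalid"]
        if not failed:
            reasons.append(f"{name}: authorization {authz['status']}, nothing validated yet")
        for chall in failed:
            err = chall.get("error", {})  # problem document set by the CA
            reasons.append(f"{name}: {chall['type']} failed: "
                           f"{err.get('type', 'unknown')} ({err.get('detail', 'no detail')})")
    return reasons

# Constructed sample data (placeholder URLs and error detail, not taken from the log).
ORDER = {
    "status": "invalid",
    "authorizations": ["https://acme.example.test/authz/1",
                       "https://acme.example.test/authz/2"],
}
AUTHZS = {
    "https://acme.example.test/authz/1": {
        "identifier": {"type": "dns", "value": "example.test"},
        "status": "valid",
        "challenges": [{"type": "http-01", "status": "valid"}],
    },
    "https://acme.example.test/authz/2": {
        "identifier": {"type": "dns", "value": "www.example.test"},
        "status": "invalid",
        "challenges": [{
            "type": "http-01", "status": "invalid",
            "error": {"type": "urn:ietf:params:acme:error:connection",
                      "detail": "constructed detail: timeout fetching challenge file"},
        }],
    },
}

if __name__ == "__main__":
    for reason in finalize_blockers(ORDER, AUTHZS):
        print(reason)
```

Against a real order, the authorization objects come from fetching each URL in the order's `authorizations` list after the challenge responses have been sent.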

First off, I haven’t had time to look over your issue too deeply, but just wanted to pop in and throw out an idea that you’ve probably already considered just to be safe… On my server I was getting the 403 error with LE (apparently) because I wasn’t waiting long enough for my user’s domain name DNS changes to propagate. Again, not sure if this is even remotely relevant to your issue, and if not I apologize, but I thought it might be worth throwing it out there.

1 Like

No, it’s not

I tried creating new subdomains too.

My best guess is that with too many files open this issue is happening. I have around 150+ users running on my server.

If that is the case, use the search function; it has been handled many times.