"status: pending" persists forever after an ACME response was sent successfully #40

Open
hrs-allbsd opened this issue Apr 9, 2024 · 2 comments


hrs-allbsd commented Apr 9, 2024

POST requests to https://acme.castle.cloud:443/acme/authz/xxx always return with "status: pending," and eventually, cli.py fails with the "All authorizations were not finalized by the CA" error message. This is almost the same symptom as #39. Is this a problem on the server side, or is something wrong with the client? The log file was something like this:

2024-04-10 01:29:57,533:DEBUG:acme.client:Sending POST request to https://acme.castle.cloud/acme/authz/LpyA01qwQLP:
{
  "protected": "xxx",
  "signature": "xxx",
  "payload": ""
}
2024-04-10 01:29:57,874:DEBUG:urllib3.connectionpool:https://acme.castle.cloud:443 "POST /acme/authz/xxx HTTP/1.1" 200 None
2024-04-10 01:29:57,874:DEBUG:acme.client:Received response:
HTTP 200
Date: Tue, 09 Apr 2024 16:29:57 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
location: https://acme.castle.cloud/acme/authz/xxx
replay-nonce: xxx
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
vary: Origin
access-control-allow-origin: *
strict-transport-security: max-age=7776000
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jxxx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 871be1032d29f68d-NRT
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400

{"status": "pending", "expires": "2024-04-10T16:14:09.501Z", "identifier": {"type": "dns", "value": "foo@example.com"}, "challenges": [{"url": "https://acme.castle.cloud/acme/chall/xxx", "type": "email-reply-00", "token": "xxx", "status": "processing", "from": "acme+xxx@castle.cloud"}]}

Gradinko commented Jun 6, 2024

I have the same issue using the interactive approach using version 0.14.1. See the command I ran:

python3 cli.py cert --config-dir . --work-dir . --logs-dir . -e XX@XX.com --XX@XX.com --usage digitalSignature --usage keyEncipherment --usage contentCommitment --usage keyAgreement --passphrase XXXXXXXXXXX

I get the email and send the requested response back and wait until I am met with:

2024-06-06 10:20:20,202:DEBUG:urllib3.connectionpool:https://acme.castle.cloud:443 "POST /acme/authz/gwQ4NzSQf5W HTTP/1.1" 200 None
2024-06-06 10:20:20,203:DEBUG:acme.client:Received response:
HTTP 200
Date: Thu, 06 Jun 2024 14:20:20 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
location: https://acme.castle.cloud/acme/authz/gwQ4NzSQf5W
replay-nonce: 6dKdx70DRXjdfIzdBHyTnA
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: same-origin
vary: Origin
access-control-allow-origin: *
strict-transport-security: max-age=7776000
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qdDsiCTv2GJy62I1GfeuVS8se0sIryxkuU2syI%2BVsxm5QZ6WkzCiF2KfrfFG7e1rUvmxp8BBk5fp5zBu6H2M71BSqS1q7NzEwkMnxRWs4gcQTGlX7HR1LKmSuA3E3YkZdcJKCQiQuyvv0AXcuWxkaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 88f90ae18e68233b-ORD
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400

{"status": "pending", "expires": "2024-06-07T14:18:27.737Z", "identifier": {"type": "dns", "value": "XX@XX.com"}, "challenges": [{"url": "https://acme.castle.cloud/acme/chall/5hQVEAke23U", "type": "email-reply-00", "token": "XXXXXXXX", "status": "processing", "from": "acme+0hM3PIhKkYw@castle.cloud"}]}
2024-06-06 10:20:20,203:DEBUG:acme.client:Storing nonce: XXXXX
2024-06-06 10:20:20,208:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/private/tmp/acme_email-0.14.1/venv/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/private/tmp/acme_email-0.14.1/venv/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 216, in _poll_authorizations
    raise errors.AuthorizationError('All authorizations were not finalized by the CA.')
certbot.errors.AuthorizationError: All authorizations were not finalized by the CA.

2024-06-06 10:20:20,209:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-06-06 10:20:20,209:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-06-06 10:20:20,209:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/private/tmp/acme_email-0.14.1/cli.py", line 264, in <module>
    main(args)
  File "/private/tmp/acme_email-0.14.1/cli.py", line 202, in main
    request_cert(args, config)
  File "/private/tmp/acme_email-0.14.1/cli.py", line 124, in request_cert
    cert_path, chain_path, fullchain_path = certbot_main._csr_get_and_save_cert(config, le_client)
                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/private/tmp/acme_email-0.14.1/venv/lib/python3.12/site-packages/certbot/_internal/main.py", line 1516, in _csr_get_and_save_cert
    cert, chain = le_client.obtain_certificate_from_csr(csr)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/private/tmp/acme_email-0.14.1/venv/lib/python3.12/site-packages/certbot/_internal/client.py", line 334, in obtain_certificate_from_csr
    orderr = self._get_order_and_authorizations(csr.data, best_effort=False)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/private/tmp/acme_email-0.14.1/venv/lib/python3.12/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/private/tmp/acme_email-0.14.1/venv/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/private/tmp/acme_email-0.14.1/venv/lib/python3.12/site-packages/certbot/_internal/auth_handler.py", line 216, in _poll_authorizations
    raise errors.AuthorizationError('All authorizations were not finalized by the CA.')
certbot.errors.AuthorizationError: All authorizations were not finalized by the CA.
2024-06-06 10:20:20,213:ERROR:certbot._internal.log:All authorizations were not finalized by the CA.


Gradinko commented Jun 6, 2024

For what it's worth, I re-ran the same code and encountered the following error:

An unexpected error occurred:
wrong keyUsage extension

After I removed the --usage keyAgreement flag, it correctly issued the certificate.
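
Added example, not part of the thread and not code from the project: a small triage helper for certbot debug logs like the ones quoted in the first two comments. It pulls each authorization body out of the log and maps the authorization and challenge statuses (as defined in RFC 8555, section 7.1.6) to a verdict. The names `diagnose` and `triage_log`, the verdict labels, and the sample log are assumptions made for illustration.

```python
import json

# Constructed sample modelled on the polling responses quoted in this thread
# (hosts, identifiers and tokens are placeholders, not real values).
SAMPLE_LOG = """\
2024-04-10 01:29:57,874:DEBUG:acme.client:Received response:
HTTP 200

{"status": "pending", "expires": "2024-04-10T16:14:09.501Z", "identifier": {"type": "dns", "value": "foo@example.com"}, "challenges": [{"url": "https://acme.example/acme/chall/xxx", "type": "email-reply-00", "token": "xxx", "status": "processing", "from": "acme+xxx@acme.example"}]}
2024-04-10 01:30:27,001:DEBUG:acme.client:Received response:
HTTP 200

{"status": "invalid", "identifier": {"type": "dns", "value": "bar@example.com"}, "challenges": [{"type": "email-reply-00", "status": "invalid", "error": {"type": "urn:ietf:params:acme:error:unauthorized", "detail": "constructed error"}}]}
"""

def diagnose(authz):
    """Map an RFC 8555 authorization object to a short triage verdict."""
    status = authz.get("status")
    chall = [c.get("status") for c in authz.get("challenges", [])]
    if status == "valid":
        return "authorized"
    if status == "invalid":
        return "validation-failed"
    if status == "pending" and "processing" in chall:
        # The client already responded; the CA has not finished validating.
        return "waiting-on-ca"
    if status == "pending":
        # No challenge has been triggered yet, so the client still has to act.
        return "waiting-on-client"
    return "terminal:" + str(status)  # expired, deactivated, revoked

def triage_log(text):
    """Return (identifier, verdict, challenge error types) per authz body."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue  # timestamps, HTTP headers, tracebacks
        try:
            obj = json.loads(line)
        except ValueError:
            continue  # e.g. first line of a pretty-printed request body
        if not isinstance(obj, dict) or "challenges" not in obj:
            continue
        errors = [c["error"].get("type") for c in obj["challenges"] if "error" in c]
        results.append((obj.get("identifier", {}).get("value"), diagnose(obj), errors))
    return results
```

A run of `waiting-on-ca` verdicts up to the client's polling limit matches the symptom reported here: the challenge was triggered and stays in `processing`, so the authorization never leaves `pending`.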
