Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Question] Certes.AcmeException: Fail to finalize order #303

Open
MarkLFT opened this issue Oct 24, 2024 · 2 comments
Open

[Question] Certes.AcmeException: Fail to finalize order #303

MarkLFT opened this issue Oct 24, 2024 · 2 comments
Labels

Comments

@MarkLFT
Copy link

MarkLFT commented Oct 24, 2024

I am using Lettuce on a gateway service using YARP. I have created a DNS provider that creates the DNS TXT Entry in the DNS Zone. It has been confirmed this is being created.

Lettuce seems to get to the part where it issues the certificate, but I receive the following error.

[07:13:37 INF] Using existing account for ["mailto:mark@********.com"] <s:LettuceEncrypt.Internal.AcmeCertificateFactory>
[07:13:38 INF] Using account ?????????? <s:LettuceEncrypt.Internal.AcmeStates.ServerStartupState>
[07:13:38 INF] Creating certificate for test.com <s:LettuceEncrypt.Internal.AcmeStates.ServerStartupState>
Loaded '/usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.10/System.Diagnostics.StackTrace.dll'. Skipped loading symbols. Module is optimized and the debugger option 'Just My Code' is enabled.
[07:13:40 ERR] Failed to automatically create a certificate for xero.test.com
<s:LettuceEncrypt.Internal.AcmeStates.ServerStartupState>
Certes.AcmeException: Fail to finalize order.
   at Certes.IOrderContextExtensions.Generate(IOrderContext context, CsrInfo csr, IKey key, String preferredChain, Int32 retryCount)
   at LettuceEncrypt.Internal.AcmeClient.GetCertificateAsync(CsrInfo csrInfo, IKey privateKey, IOrderContext order)
   at LettuceEncrypt.Internal.AcmeCertificateFactory.CompleteCertificateRequestAsync(IOrderContext order, CancellationToken cancellationToken)
   at LettuceEncrypt.Internal.AcmeCertificateFactory.CreateCertificateAsync(CancellationToken cancellationToken)
   at LettuceEncrypt.Internal.AcmeStates.BeginCertificateCreationState.MoveNextAsync(CancellationToken cancellationToken)
[07:13:40 ERR] ACME state machine encountered unhandled error <s:LettuceEncrypt.Internal.AcmeCertificateLoader>
Certes.AcmeException: Fail to finalize order.
   at Certes.IOrderContextExtensions.Generate(IOrderContext context, CsrInfo csr, IKey key, String preferredChain, Int32 retryCount)
   at LettuceEncrypt.Internal.AcmeClient.GetCertificateAsync(CsrInfo csrInfo, IKey privateKey, IOrderContext order)
   at LettuceEncrypt.Internal.AcmeCertificateFactory.CompleteCertificateRequestAsync(IOrderContext order, CancellationToken cancellationToken)
   at LettuceEncrypt.Internal.AcmeCertificateFactory.CreateCertificateAsync(CancellationToken cancellationToken)
   at LettuceEncrypt.Internal.AcmeStates.BeginCertificateCreationState.MoveNextAsync(CancellationToken cancellationToken)
   at LettuceEncrypt.Internal.AcmeCertificateLoader.ExecuteAsync(CancellationToken stoppingToken)

The gateway is running in a docker container. I am using Redis to store the account information and the certificate, but it is not getting as far as saving the certificate.

Does anyone know the cause of this? I have searched the internet for similar messages. I have also searched the Certes repository, but I did not see anything with this message.

@bernatgy
Copy link

bernatgy commented Dec 25, 2024

I have this issue as well :/

"AllowedChallengeTypes": "Http01" does seem to work though...

@bernatgy
Copy link

bernatgy commented Dec 26, 2024

Nevermind my last comment. It worked yesterday, and now it doesn't. Same Certes.AcmeException: Fail to finalize order. error...

Update: Apparently this happens when Let's Encrypt has some service issues. Retrying a few times fixed it again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants