Comments (4)
cpu
commented on September 28, 2024
Hi @iftahbe, thank you for the very detailed bug report! I appreciate it :-)
During the challenge authorization stage, pebble completes the challenge and the authorization status is changed to "valid" (according to the Pebble console output) but in the HTTP response we still get the "pending" status.
Based on the Fiddler trace & Pebble output it looks like you are:
- Creating a new order
- GETing the order
- GETing the order's authorization
- POSTing the authorization's DNS-01 challenge
- POSTing the authorization's DNS-01 challenge
- POSTing the authorization's DNS-01 challenge
.... - Eventually getting an error about updating an already valid challenge.
It sounds like you wanted to be polling the authorization to see when it has changed from "pending" to "valid". This should be done by sending a GET request to the authorization URL. Instead, it seems like you are POSTing the challenge over and over - each time it returns "status":"pending" because it is still pending from the initial POSTs. After the first validation completes the status changes to "valid" and then any additional POSTs to the challenge return an error "Cannot update challenge with status valid, only status pending".
E.g. I'd expect the flow for a single identifier order to be more like:
- Creating a new order
- GETing the new order
- GETing the order's authorization
- POSTing the authorization's DNS-01 challenge
- GETing the order's authorization (Repeat until status != "pending")
- POSTing the order's finalize URL if the order's authorization is now "valid"
- GETing the order (Repeat until certificate URL is present)
- GETing the certificate URL
I don't think there is a bug here. The error you are getting from Pebble is the one I would expect to be delivered to a client that behaved like yours did in the logs :-)
Does that make sense?
from pebble.
cpu
commented on September 28, 2024
FWIW: Starting Pebble with PEBBLE_VA_NOSLEEP=1 should make this even more apparent: The first challenge POST will result in a near-immediate change in the authorization from "pending" -> "valid" and you will see the "Cannot update challenge with status valid" error much sooner as a result.
from pebble.
iftahbe
commented on September 28, 2024
@cpu Thanks a lot for the explanation.
It makes sense yes, I tried to get the status from the challenge itself and not from the order.
I will make the necessary changes :)
from pebble.
cpu
commented on September 28, 2024
@iftahbe Great :-)
It makes sense yes, I tried to get the status from the challenge itself and not from the order.
Just to clarify quickly: you can get the individual authorization's statuses as well but you should do so with a GET request and not a POST.
from pebble.
Related Issues (20)
- Allow to force auth challenge HOT 1
- Implement the "dns-account-01" Challenge in Pebble HOT 9
- Full http logging HOT 1
- fix appveyor CI
- Support must-staple extension HOT 1
- Fix `golangci-lint` HOT 3
- Regression time limit exceeded / TimeoutError HOT 5
- Request for a new release HOT 6
- v2.5.0 docker push failed HOT 9
- ci: AppVeyor is broken HOT 1
- Remove DockerHub images of pebble and pebble-challtestsrv HOT 4
- Cannot set DNS server in Docker image HOT 10
- Docker: Use hostname instead of IP addresses HOT 7
- New Certificates aren't getting Ready HOT 2
- EAB with pebble 2.5.x HOT 12
- Pebble fails to start with externalAccountBinding test config
- The request specified an account that does not exist, [certbot and pebble] HOT 2
- The key authorization file from the server did not match this challenge HOT 1
- Pebble seems to reuse challenges object for different orders HOT 2
- Support profile selection HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pebble.