since letsencrypt updates their implementation to the ACMEv2 spec [1], we should correctly parse the order status
1: https://community.letsencrypt.org/t/acmev2-order-ready-status/62866 Signed-off-by: Dominik Csapak <[email protected]> --- the spec does not make it clear if one can finalize an order still pending like it is now, but the pebble source [1] throws an error in this case, so we have to poll the status until 'ready' 1: https://github.com/letsencrypt/pebble/blob/c0cc64314be427c6d39679e95a7794c89a293912/wfe/wfe.go#L1188 PVE/API2/ACME.pm | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/PVE/API2/ACME.pm b/PVE/API2/ACME.pm index 3c85458b..f4171350 100644 --- a/PVE/API2/ACME.pm +++ b/PVE/API2/ACME.pm @@ -90,16 +90,19 @@ my $order_certificate = sub { print "\nCreating CSR\n"; my ($csr, $key) = PVE::Certificate::generate_csr(identifiers => $order->{identifiers}); - print "Finalizing order\n"; - $acme->finalize_order($order, PVE::Certificate::pem_to_der($csr)); - print "Checking order status\n"; while (1) { $order = $acme->get_order($order_url); - if ($order->{status} eq 'pending') { - print "still pending, trying again in 30 seconds\n"; + if ($order->{status} eq 'pending' || + $order->{status} eq 'processing') { + print "still $order->{status}, trying again in 30 seconds\n"; sleep 30; next; + } elsif ($order->{status} eq 'ready') { + print "Order is ready, finalizing order\n"; + $acme->finalize_order($order, PVE::Certificate::pem_to_der($csr)); + sleep 1; + next; } elsif ($order->{status} eq 'valid') { print "valid!\n"; last; -- 2.11.0 _______________________________________________ pve-devel mailing list [email protected] https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
