You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
// An order is deactivated if **any** of its authzs are deactivated
if authzStatuses[acme.StatusDeactivated] > 0 {
return acme.StatusDeactivated, nil
}
This is not a correct implementation of the ACME spec. The Order object does not have a "deactivated" state. The spec states it should transition to "invalid".
The order also moves to the "invalid"
state if it expires or one of its authorizations enters a final state
other than "valid" ("expired", "revoked", or "deactivated")
pending --------------+
| |
| All authz |
| "valid" |
V |
ready ---------------+
| |
| Receive |
| finalize |
| request |
V |
processing ------------+
| |
| Certificate | Error or
| issued | Authorization failure
V V
valid invalid
The text was updated successfully, but these errors were encountered:
jvanasco
changed the title
wrong implementation of ACME spec
wrong implementation of ACME spec: Orders should transition to "invalid", not "deactivated"
Feb 22, 2020
jsha
linked a pull request
Feb 24, 2020
that will
close
this issue
Good catch. Thanks for reporting it, and my apologies that you spent so much time trying to track it down. I've uploaded a fix at #301. Want to try that out and let me know if it fixes the issue for you?
I spent the day investigating failing tests, because of a single line in Pebble :(
https://github.com/letsencrypt/pebble/blob/master/core/types.go#L66-L69
This is not a correct implementation of the ACME spec. The Order object does not have a "deactivated" state. The spec states it should transition to "invalid".
7.1.3 Order Objects
7.1.6. Status Changes
Page 32: text following "State Transitions for Authorization Objects"
Page 33: chart "State Transitions for Order Objects"
The text was updated successfully, but these errors were encountered: