adding domain names fails #70

Open
namtab00 opened this issue May 14, 2020 · 3 comments
namtab00 commented May 14, 2020

Hi @ffMathy.

Thank you for this great lib.

I had initially set up everything with one domain name, running correctly.
Renewal is set up 30 days / 7 days

I've added two domain names.
Just starting the app produces no error, but the cert continues to have just one domain name.

I've tried wiping the saved _Account and _Site files.

This fails with: urn:ietf:params:acme:error:orderNotReady: Order's status ("pending") is not acceptable for finalization.'

INFO  2020-05-14 20:52:22,429 [1    ] ncrypt.Certes.ILetsEncryptRenewalService - Application started
INFO  2020-05-14 20:52:22,429 [1    ] ncrypt.Certes.ILetsEncryptRenewalService - Application started
info: FluffySpoon.AspNet.LetsEncrypt.Certificates.CertificateProvider[0]
      Checking to see if in-memory LetsEncrypt certificate needs renewal.
INFO  2020-05-14 20:52:22,435 [22   ] Encrypt.Certificates.CertificateProvider - Checking to see if in-memory LetsEncrypt certificate needs renewal.
INFO  2020-05-14 20:52:22,435 [22   ] Encrypt.Certificates.CertificateProvider - Checking to see if in-memory LetsEncrypt certificate needs renewal.
info: FluffySpoon.AspNet.LetsEncrypt.Certificates.CertificateProvider[0]
      Checking to see if existing LetsEncrypt certificate has been persisted and is valid.
INFO  2020-05-14 20:52:22,437 [22   ] Encrypt.Certificates.CertificateProvider - Checking to see if existing LetsEncrypt certificate has been persisted and is valid.
INFO  2020-05-14 20:52:22,437 [22   ] Encrypt.Certificates.CertificateProvider - Checking to see if existing LetsEncrypt certificate has been persisted and is valid.
info: FluffySpoon.AspNet.LetsEncrypt.Certificates.CertificateProvider[0]
      No valid certificate was found. Requesting new certificate from LetsEncrypt.
INFO  2020-05-14 20:52:22,441 [22   ] Encrypt.Certificates.CertificateProvider - No valid certificate was found. Requesting new certificate from LetsEncrypt.
INFO  2020-05-14 20:52:22,441 [22   ] Encrypt.Certificates.CertificateProvider - No valid certificate was found. Requesting new certificate from LetsEncrypt.
dbug: FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptClientFactory[0]
      Creating LetsEncrypt account with email [email protected].
DEBUG 2020-05-14 20:52:22,447 [22   ] sEncrypt.Certes.LetsEncryptClientFactory - Creating LetsEncrypt account with email [email protected].
DEBUG 2020-05-14 20:52:22,447 [22   ] sEncrypt.Certes.LetsEncryptClientFactory - Creating LetsEncrypt account with email [email protected].
info: FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptClient[0]
      Ordering LetsEncrypt certificate for domains tenant-myname.mydomain.tld, defaulttenant-myname.mydomain.tld.
INFO  2020-05-14 20:52:24,014 [5    ] Net.LetsEncrypt.Certes.LetsEncryptClient - Ordering LetsEncrypt certificate for domains tenant-myname.mydomain.tld, defaulttenant-myname.mydomain.tld.
INFO  2020-05-14 20:52:24,014 [5    ] Net.LetsEncrypt.Certes.LetsEncryptClient - Ordering LetsEncrypt certificate for domains tenant-myname.mydomain.tld, defaulttenant-myname.mydomain.tld.
info: FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptClient[0]
      Validating all pending order authorizations.
INFO  2020-05-14 20:52:25,118 [6    ] Net.LetsEncrypt.Certes.LetsEncryptClient - Validating all pending order authorizations.
INFO  2020-05-14 20:52:25,118 [6    ] Net.LetsEncrypt.Certes.LetsEncryptClient - Validating all pending order authorizations.
dbug: FluffySpoon.AspNet.LetsEncrypt.Certes.ILetsEncryptChallengeApprovalMiddleware[0]
      Challenge invoked: /.well-known/acme-challenge/D431C3-xyZQOChKgiWUs7HX1HGc8PkQ6lblVrv50XKg
DEBUG 2020-05-14 20:52:25,849 [25   ] .ILetsEncryptChallengeApprovalMiddleware - Challenge invoked: /.well-known/acme-challenge/D431C3-xyZQOChKgiWUs7HX1HGc8PkQ6lblVrv50XKg
DEBUG 2020-05-14 20:52:25,849 [25   ] .ILetsEncryptChallengeApprovalMiddleware - Challenge invoked: /.well-known/acme-challenge/D431C3-xyZQOChKgiWUs7HX1HGc8PkQ6lblVrv50XKg
dbug: FluffySpoon.AspNet.LetsEncrypt.Certes.ILetsEncryptChallengeApprovalMiddleware[0]
      Challenge invoked: /.well-known/acme-challenge/D431C3-xyZQOChKgiWUs7HX1HGc8PkQ6lblVrv50XKg
DEBUG 2020-05-14 20:52:26,665 [15   ] .ILetsEncryptChallengeApprovalMiddleware - Challenge invoked: /.well-known/acme-challenge/D431C3-xyZQOChKgiWUs7HX1HGc8PkQ6lblVrv50XKg
DEBUG 2020-05-14 20:52:26,665 [15   ] .ILetsEncryptChallengeApprovalMiddleware - Challenge invoked: /.well-known/acme-challenge/D431C3-xyZQOChKgiWUs7HX1HGc8PkQ6lblVrv50XKg
dbug: FluffySpoon.AspNet.LetsEncrypt.Certes.ILetsEncryptChallengeApprovalMiddleware[0]
      Challenge invoked: /.well-known/acme-challenge/D431C3-xyZQOChKgiWUs7HX1HGc8PkQ6lblVrv50XKg
DEBUG 2020-05-14 20:52:27,676 [9    ] .ILetsEncryptChallengeApprovalMiddleware - Challenge invoked: /.well-known/acme-challenge/D431C3-xyZQOChKgiWUs7HX1HGc8PkQ6lblVrv50XKg
DEBUG 2020-05-14 20:52:27,676 [9    ] .ILetsEncryptChallengeApprovalMiddleware - Challenge invoked: /.well-known/acme-challenge/D431C3-xyZQOChKgiWUs7HX1HGc8PkQ6lblVrv50XKg
info: FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptClient[0]
      Acquiring certificate through signing request.
INFO  2020-05-14 20:52:28,350 [5    ] Net.LetsEncrypt.Certes.LetsEncryptClient - Acquiring certificate through signing request.
INFO  2020-05-14 20:52:28,350 [5    ] Net.LetsEncrypt.Certes.LetsEncryptClient - Acquiring certificate through signing request.
warn: FluffySpoon.AspNet.LetsEncrypt.Certes.ILetsEncryptRenewalService[0]
      Exception occured renewing certificates: 'Fail to load resource from 'https://acme-staging-v02.api.letsencrypt.org/acme/finalize/13676530/92465686'.
urn:ietf:params:acme:error:orderNotReady: Order's status ("pending") is not acceptable for finalization.'
Certes.AcmeRequestException: Fail to load resource from 'https://acme-staging-v02.api.letsencrypt.org/acme/finalize/13676530/92465686'.
urn:ietf:params:acme:error:orderNotReady: Order's status ("pending") is not acceptable for finalization
   at Certes.Acme.IAcmeHttpClientExtensions.Post[T](IAcmeHttpClient client, Uri uri, Object payload, Boolean ensureSuccessStatusCode)
   at Certes.Acme.OrderContext.Finalize(Byte[] csr)
   at Certes.IOrderContextExtensions.Finalize(IOrderContext context, CsrInfo csr, IKey key)
   at Certes.IOrderContextExtensions.Generate(IOrderContext context, CsrInfo csr, IKey key)
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptClient.AcquireCertificateBytesFromOrderAsync(IOrderContext order)
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptClient.FinalizeOrder(PlacedOrder placedOrder)
   at FluffySpoon.AspNet.LetsEncrypt.Certificates.CertificateProvider.RequestNewLetsEncryptCertificate()
   at FluffySpoon.AspNet.LetsEncrypt.Certificates.CertificateProvider.RequestNewLetsEncryptCertificate()
   at FluffySpoon.AspNet.LetsEncrypt.Certificates.CertificateProvider.RenewCertificateIfNeeded(X509Certificate2 current)
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptRenewalService.RunOnceAsync()
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptRenewalService.RunOnceAsync()
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptRenewalService.RunOnceWithErrorHandlingAsync()
WARN  2020-05-14 20:52:29,165 [7    ] ncrypt.Certes.ILetsEncryptRenewalService - Exception occured renewing certificates: 'Fail to load resource from 'https://acme-staging-v02.api.letsencrypt.org/acme/finalize/13676530/92465686'.
urn:ietf:params:acme:error:orderNotReady: Order's status ("pending") is not acceptable for finalization.'
Certes.AcmeRequestException: Fail to load resource from 'https://acme-staging-v02.api.letsencrypt.org/acme/finalize/13676530/92465686'.
urn:ietf:params:acme:error:orderNotReady: Order's status ("pending") is not acceptable for finalization
   at Certes.Acme.IAcmeHttpClientExtensions.Post[T](IAcmeHttpClient client, Uri uri, Object payload, Boolean ensureSuccessStatusCode)
   at Certes.Acme.OrderContext.Finalize(Byte[] csr)
   at Certes.IOrderContextExtensions.Finalize(IOrderContext context, CsrInfo csr, IKey key)
   at Certes.IOrderContextExtensions.Generate(IOrderContext context, CsrInfo csr, IKey key)
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptClient.AcquireCertificateBytesFromOrderAsync(IOrderContext order)
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptClient.FinalizeOrder(PlacedOrder placedOrder)
   at FluffySpoon.AspNet.LetsEncrypt.Certificates.CertificateProvider.RequestNewLetsEncryptCertificate()
   at FluffySpoon.AspNet.LetsEncrypt.Certificates.CertificateProvider.RequestNewLetsEncryptCertificate()
   at FluffySpoon.AspNet.LetsEncrypt.Certificates.CertificateProvider.RenewCertificateIfNeeded(X509Certificate2 current)
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptRenewalService.RunOnceAsync()
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptRenewalService.RunOnceAsync()
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptRenewalService.RunOnceWithErrorHandlingAsync()
WARN  2020-05-14 20:52:29,165 [7    ] ncrypt.Certes.ILetsEncryptRenewalService - Exception occured renewing certificates: 'Fail to load resource from 'https://acme-staging-v02.api.letsencrypt.org/acme/finalize/13676530/92465686'.
urn:ietf:params:acme:error:orderNotReady: Order's status ("pending") is not acceptable for finalization.'
Certes.AcmeRequestException: Fail to load resource from 'https://acme-staging-v02.api.letsencrypt.org/acme/finalize/13676530/92465686'.
urn:ietf:params:acme:error:orderNotReady: Order's status ("pending") is not acceptable for finalization
   at Certes.Acme.IAcmeHttpClientExtensions.Post[T](IAcmeHttpClient client, Uri uri, Object payload, Boolean ensureSuccessStatusCode)
   at Certes.Acme.OrderContext.Finalize(Byte[] csr)
   at Certes.IOrderContextExtensions.Finalize(IOrderContext context, CsrInfo csr, IKey key)
   at Certes.IOrderContextExtensions.Generate(IOrderContext context, CsrInfo csr, IKey key)
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptClient.AcquireCertificateBytesFromOrderAsync(IOrderContext order)
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptClient.FinalizeOrder(PlacedOrder placedOrder)
   at FluffySpoon.AspNet.LetsEncrypt.Certificates.CertificateProvider.RequestNewLetsEncryptCertificate()
   at FluffySpoon.AspNet.LetsEncrypt.Certificates.CertificateProvider.RequestNewLetsEncryptCertificate()
   at FluffySpoon.AspNet.LetsEncrypt.Certificates.CertificateProvider.RenewCertificateIfNeeded(X509Certificate2 current)
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptRenewalService.RunOnceAsync()
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptRenewalService.RunOnceAsync()
   at FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptRenewalService.RunOnceWithErrorHandlingAsync()

What is the correct way to add names to an already configured certificate?


namtab00 commented May 14, 2020

I've also tried varying all configured values (email, csr info, certificate prefix), but I'm getting the same error...

Here is my mapped json config (censored values):

"LetsEncrypt": {
   "Enabled": true,
   "CertFilesRelativePath": "App_Data\\LetsEncrypt",
   "CertFilesPrefix": "multitenant_cert_staging",
   "Email": "some email", //LetsEncrypt will send an e-mail here when the certificate is about to expire
   "Domains": [ "defaulttenant-myname.mydomain.tld", "tenant-myname.mydomain.tld" ],
   "UseStaging": true, //switch to true to generate test certs ( these are invalid)
   "TimeUntilExpiryBeforeRenewal": "30", //renew automatically 30 days before expiry
   "TimeAfterIssueDateBeforeRenewal": "7", //renew automatically 7 days after the last certificate was issued
   "CertificateSigningRequest": {
     "CountryName": "country",
     "Locality": "country code",
     "Organization": "org",
     "OrganizationUnit": "org unit",
     "State": "us state"
   }
 },

The previous, fully working domain names array only had "somename.mydomain.tld".

What exactly do I need to vary to generate a completely new cert?

I've tried with staging both true and false...

I believe there is an issue with validation for multiple domain names.

@willdean
Contributor

A couple of things:

  • It is trying to generate a completely new certificate - there isn't a problem in that regard.
  • There isn't a general problem generating certificates with multiple domains, I've just done that here as a test.

There may be more trace at the most verbose level (the level beyond 'Debug') - I'm not quite sure how you're capturing the log, but it seems to be doubling-up a lot of lines?

When you ask for multiple domains in a certificate, the LE systems will send challenges for each of the domains - is your app definitely able to serve requests for both those domains?
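
Added example, not part of the thread and not FluffySpoon or Certes code: a Python model of why finalization returns `orderNotReady` while any one domain's authorization is still pending, plus a check that compares the domains in the order with the distinct challenge tokens the app actually served. The function names and the sample log (with a placeholder token) are constructed for illustration.

```python
import re

# Constructed sample in the console-logger format from the issue (token is a placeholder).
SAMPLE_LOG = """\
info: FluffySpoon.AspNet.LetsEncrypt.Certes.LetsEncryptClient[0]
      Ordering LetsEncrypt certificate for domains tenant-myname.mydomain.tld, defaulttenant-myname.mydomain.tld.
dbug: FluffySpoon.AspNet.LetsEncrypt.Certes.ILetsEncryptChallengeApprovalMiddleware[0]
      Challenge invoked: /.well-known/acme-challenge/CONSTRUCTED-token-A
dbug: FluffySpoon.AspNet.LetsEncrypt.Certes.ILetsEncryptChallengeApprovalMiddleware[0]
      Challenge invoked: /.well-known/acme-challenge/CONSTRUCTED-token-A
"""

ORDER_RE = re.compile(r"Ordering LetsEncrypt certificate for domains (.+?)\.\s*$", re.M)
TOKEN_RE = re.compile(r"Challenge invoked: /\.well-known/acme-challenge/([\w-]+)")
FAILED = {"invalid", "expired", "revoked", "deactivated"}


def order_status(authz):
    """Order status derived from its authorizations (RFC 8555, section 7.1.6)."""
    if FAILED & set(authz.values()):
        return "invalid"
    return "ready" if all(s == "valid" for s in authz.values()) else "pending"


def finalize(authz):
    """The CA accepts a CSR only for a 'ready' order; otherwise orderNotReady."""
    status = order_status(authz)
    if status != "ready":
        return f'urn:ietf:params:acme:error:orderNotReady ("{status}")'
    return "processing"


def challenge_coverage(log_text):
    """Compare domains in the order with distinct http-01 tokens the app served."""
    m = ORDER_RE.search(log_text)
    domains = [d.strip() for d in m.group(1).split(",")] if m else []
    tokens = set(TOKEN_RE.findall(log_text))
    # Each authorization has its own token, so fewer tokens than domains means
    # at least one domain's challenge request never reached this app (or the
    # CA reused an authorization that was already valid).
    return {"domains": len(domains), "tokens": len(tokens),
            "unseen": max(len(domains) - len(tokens), 0)}


if __name__ == "__main__":
    print(challenge_coverage(SAMPLE_LOG))
    print(finalize({"tenant-myname.mydomain.tld": "valid",
                    "defaulttenant-myname.mydomain.tld": "pending"}))
```

A non-zero `unseen` count is a hint, not proof: confirm by requesting `/.well-known/acme-challenge/` on each hostname from outside the network and checking that the request shows up in this app's log.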
