Hi Andriy Mahats,

I've noticed the following behavior when trying DNS validation with the ACME v2 (RFC 8555) staging endpoint: in case challenges fail, it sometimes happens that the challenge has the "error" field set, while the challenge is in "processing" state (and the corresponding authz object in "pending" state).

Here is a response I got to when GET-as-POST-ing https://api.test4.buypass.no/acme-v02/authz/J5xlz8e8Q5KS01bl03ymrYy9IVcCJ6cGwl5RlEfDZq4:

{
  "identifier": {
    "type": "dns",
    "value": "buypass.tlstest.fonga.ch"
  },
  "status": "pending",
  "challenges":  [
    {
      "type": "dns-01",
      "token": "42173FC770D4A8CB008FA0AC04775213A16F5662",
      "status": "processing",
      "validated": "2019-09-21T19:09:04Z",
      "error": {
        "code": 0,
        "type": "compound",
        "detail": "Errors during validation",
        "subproblems": [
          {
            "code": 0,
            "type": "urn:ietf:params:acme:error:incorrectResponse",
            "detail": "Response received didn't match the challenge's requirements"
          },
          {
            "code": 0,
            "type": "urn:ietf:params:acme:error:incorrectResponse",
            "detail": "Response received didn't match the challenge's requirements"
          }
        ]
      },
      "url": "https://api.test4.buypass.no/acme-v02/authz/J5xlz8e8Q5KS01bl03ymrYy9IVcCJ6cGwl5RlEfDZq4/1"
    }
  ],
  "wildcard": true
}

The HTTP status was 200, and the mdc-correlationid header had value "e7a27125-1452-4b83-82f4-b23e11779733".

According to https://tools.ietf.org/html/rfc8555#page-62,

A challenge object with an error MUST have status equal to "invalid".

Also, after a long time retrieving these objects, I eventually got an Internal Server Error:

{"code":500,"message":"INTERNAL_SERVER_ERROR","details":"HTTP 500 Internal Server Error"}

(Here, mdc-correlationid was "a7438e03-5412-4bd6-b4f7-c767cc4d54c9".)

Best regards,

Felix Fontein