From 686e9159e5368a3075ca4c1d242b973ced1b8b66 Mon Sep 17 00:00:00 2001
From: James Munnelly <james.munnelly@jetstack.io>
Date: Wed, 25 Jul 2018 18:05:45 +0100
Subject: [PATCH 1/3] Wait for ACME Orders to be in 'ready' state before
 attempting finalization

---
 pkg/issuer/acme/issue.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/pkg/issuer/acme/issue.go b/pkg/issuer/acme/issue.go
index 4c3f10581..baab372f4 100644
--- a/pkg/issuer/acme/issue.go
+++ b/pkg/issuer/acme/issue.go
@@ -48,6 +48,18 @@ func (a *Acme) obtainCertificate(ctx context.Context, crt *v1alpha1.Certificate)
 		return nil, nil, fmt.Errorf("error getting order details: %v", err)
 	}
 
+	if order.Status != acme.StatusReady {
+		err := fmt.Errorf("expected certificate status to be %q, but it is %q", acme.StatusReady, order.Status)
+		// print a more helpful message to users when an order is marked 'valid'.
+		// this happens when all challenges have been completed successfully, but
+		// the acme server has not finished processing the order.
+		if order.Status == acme.StatusValid {
+			err = fmt.Errorf("%v. Waiting until Order transitions into %q state", err, acme.StatusReady)
+		}
+		crt.UpdateStatusCondition(v1alpha1.CertificateConditionReady, v1alpha1.ConditionFalse, errorIssueError, err.Error(), false)
+		return nil, nil, err
+	}
+
 	// get existing certificate private key
 	key, err := kube.SecretTLSKey(a.secretsLister, crt.Namespace, crt.Spec.SecretName)
 	if k8sErrors.IsNotFound(err) || errors.IsInvalidData(err) {

From dbe01c2068d636631c6be622a48e83a413387c20 Mon Sep 17 00:00:00 2001
From: James Munnelly <james.munnelly@jetstack.io>
Date: Wed, 25 Jul 2018 18:23:02 +0100
Subject: [PATCH 2/3] Update pebble to latest in e2e tests

---
 contrib/charts/pebble/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/charts/pebble/values.yaml b/contrib/charts/pebble/values.yaml
index b5857b9c4..0b831f3d9 100644
--- a/contrib/charts/pebble/values.yaml
+++ b/contrib/charts/pebble/values.yaml
@@ -1,7 +1,7 @@
 replicaCount: 1
 image:
   repository: quay.io/munnerz/pebble
-  tag: "20180323"
+  tag: "20180725"
   pullPolicy: IfNotPresent
 service:
   type: ClusterIP

From 441c22c11905929b17d4cb15658dec5ce3051fe7 Mon Sep 17 00:00:00 2001
From: James Munnelly <james.munnelly@jetstack.io>
Date: Wed, 25 Jul 2018 18:28:54 +0100
Subject: [PATCH 3/3] Fix skipping chart validation for pebble and vault

---
 contrib/charts/pebble/Chart.yaml | 2 +-
 test/chart/.testenv              | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/contrib/charts/pebble/Chart.yaml b/contrib/charts/pebble/Chart.yaml
index 93848078c..ed6747bdb 100644
--- a/contrib/charts/pebble/Chart.yaml
+++ b/contrib/charts/pebble/Chart.yaml
@@ -1,4 +1,4 @@
 apiVersion: v1
 description: A Helm chart for Kubernetes
 name: pebble
-version: 0.1.0
+version: 0.1.1
diff --git a/test/chart/.testenv b/test/chart/.testenv
index 0a50327c1..f66d00336 100644
--- a/test/chart/.testenv
+++ b/test/chart/.testenv
@@ -13,8 +13,8 @@ CHART_DIRS=(
 
 # Charts that should be skipped
 EXCLUDED_CHARTS=(
-    pebble
-    vault
+    contrib/charts/pebble
+    contrib/charts/vault
 )
 
 # Additional chart repos to add (<name>=<url>), separated by a space