instead of relying that the authorization URLs and the ordered
identifiers are sorted the same way for already validated
authorizations.
on the contrary, RFC 8555 even says:
"The authorizations required are dictated by server policy; there may
not be a 1:1 relationship between the order identifiers and the
authorizations required."
authorizations MUST always include a single identifier, no matter which
state they are in.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
mixed bag of improvements:
- return hash based on domain
- check for duplicate domains, allow overlap between main and additional
keys otherwise
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
since letsencrypt updates their implementation to the ACMEv2 spec [1],
we should correctly parse the order status
1: https://community.letsencrypt.org/t/acmev2-order-ready-status/62866
note that we (for now) try to be compatbile to both versions,
with and without ready state, this can be changed when all letsencrypt
apis have changed
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
for creating/ordering a new certificate and renewing respectively
revoking an existing one.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
