First fulfil all challenges, then tell the CA that it should check.
With a CSR with multiple SANs acme-client would write one challenge,
tell the CA, write the next challenge and so on.
For http-01 this doesn't matter but I think this will be nicer for dns-01
because there are propagation delays to consider.
Please be extra careful checking this. If I mess this up people might
run into renewal issues months from now. And when that happens people
tend to comment... (Which is also why I pull this out of the big diff I'm
currently working on for dns-01.)
OK?
diff --git netproc.c netproc.c
index 38732a4dd01..7c502643acc 100644
--- netproc.c
+++ netproc.c
@@ -840,7 +840,12 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int
rfd,
if (readop(Cfd, COMM_CHNG_ACK) != CHNG_ACK)
goto out;
- /* Write to the CA that it's ready. */
+ }
+ /* Write to the CA that it's ready. */
+ for (i = 0; i < order.authsz; i++) {
+ if (chngs[i].status == CHNG_VALID ||
+ chngs[i].status == CHNG_INVALID)
+ continue;
if (!dochngresp(&c, &chngs[i]))
goto out;
}
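Review bot: the new second loop skips entries whose status is CHNG_VALID or CHNG_INVALID before calling dochngresp(), but the hunk does not show which entries the first loop skips before it writes a challenge and waits for CHNG_ACK. Now that the two steps live in separate loops, both must select exactly the same set of challenges, otherwise dochngresp() could be sent for a challenge that was never written out, or a written challenge could go unannounced. Please confirm the conditions match, and consider rewording the comment above the loop, since "Write to the CA that it's ready." now covers every pending challenge rather than a single one.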
--
I'm not entirely sure you are real.