Authorizations valid for 30 days and no certs can be issued if key is compromised

Ack, sorry. Totally misread that and missed your comment in the first post about remaining_days.

At least the auth being connected to your account should be clear to you now (rather than the private key or csr).

As for your query about the empty challenge data objects, you could post that on the Ansible GitHub. They are more familiar with the inner workings of it than we are. We see other ACME clients far more frequently.

6 Likes

Thank you all for all the pointers. It helped with the understanding of the Authorization object. The devil is in the details of the ACME client, in this case the Ansible module.

The switch 'deactivate_authzs' helped with the workflow.

https://docs.ansible.com/ansible/latest/collections/community/crypto/acme_certificate_module.html#parameter-deactivate_authzs

On every successful issuance of a certificate, the Auth object is forced to expire. Any follow-on request for certificates in the workflow (challenge or otherwise, including a new CSR or remaining_days > cert_days) behaves as expected.

Both "challenge_data": {} and "challenge_data_dns": {} are populated as expected.

3 Likes
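The behaviour discussed in this thread, as an added example that is not code from the thread or from the Ansible module: a minimal model of RFC 8555 authorization handling, showing why a still-valid authorization yields empty challenge data and what a deactivation request looks like. The URLs, tokens, thumbprint, and output key names are constructed assumptions.

```python
import base64
import hashlib

def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.4: unpadded base64url(SHA-256(token + '.' + thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def challenge_data(authzs: dict, thumbprint: str) -> dict:
    """Return DNS-01 records only for authorizations that still need validation."""
    data = {}
    for authz in authzs.values():
        if authz["status"] != "pending":
            continue  # a 'valid' authorization is reused: nothing left to prove
        name = authz["identifier"]["value"]
        for chall in authz["challenges"]:
            if chall["type"] == "dns-01":
                data[name] = {
                    "record": f"_acme-challenge.{name}",
                    "resource_value": dns01_txt_value(chall["token"], thumbprint),
                }
    return data

def deactivation_requests(authzs: dict) -> list:
    """RFC 8555 section 7.5.2: POST {"status": "deactivated"} to each authorization URL."""
    return [(url, {"status": "deactivated"})
            for url, authz in authzs.items()
            if authz["status"] in ("pending", "valid")]

# Constructed sample data (not captured from a real CA).
THUMBPRINT = "constructed-account-key-thumbprint"
IDENT = {"type": "dns", "value": "www.example.com"}
# Authorization still valid on the account from an earlier issuance.
CACHED = {"https://acme.example/authz/1": {
    "status": "valid", "identifier": IDENT,
    "challenges": [{"type": "dns-01", "status": "valid", "token": "tok-old"}]}}
# Authorization the CA creates once the old one has been deactivated.
FRESH = {"https://acme.example/authz/2": {
    "status": "pending", "identifier": IDENT,
    "challenges": [{"type": "dns-01", "status": "pending", "token": "tok-new"}]}}

if __name__ == "__main__":
    print("cached authz ->", challenge_data(CACHED, THUMBPRINT))
    print("deactivate   ->", deactivation_requests(CACHED))
    print("fresh authz  ->", challenge_data(FRESH, THUMBPRINT))
```
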
