DNS based validation fails on renew

@cpu

Based on the debug output of Crypt::LE I assumed that the response includes both arrays, the (accepted) identifiers and the (corresponding) authorizations. The spec only lists the authorizations.

Section 7.4 shows a returned order object from a neworder request. It has both the identifiers field and the authorizations field.

Some good inputs here. Interestingly enough, when sticking to just one protocol version it is a little easier to account for this non-guaranteed order - for example, the online ZeroSSL client does this, since it has been specifically changed to support v2. At the same time, the Crypt::LE library supports both v1 and v2 in a way that maintains compatibility and provides a non-breaking experience for any code using that library. But in view of the clarifications given above, there will certainly be some (still non-breaking) changes coming up in 0.32 to handle those order/amount variations :)

And since we are talking about identifiers - for the IDN cases, in which form is the identifier in the response for the auth URL guaranteed to be returned - punycoded or not?
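Added example, not part of the thread and not Crypt::LE or ZeroSSL code: one way a v2 client can pair each authorization with its identifier by reading the authorization object itself instead of relying on array positions in the order. The `fetch_authz` callable, the `acme.invalid` URLs and the sample objects are hypothetical, constructed for illustration; the `wildcard` flag handling follows RFC 8555 section 7.1.4.

```python
# Constructed sample data: an order whose authorizations are listed in a
# different sequence than its identifiers.
SAMPLE_ORDER = {
    "status": "pending",
    "identifiers": [
        {"type": "dns", "value": "www.example.org"},
        {"type": "dns", "value": "*.example.org"},
        {"type": "dns", "value": "example.org"},
    ],
    "authorizations": [
        "https://acme.invalid/authz/1",
        "https://acme.invalid/authz/2",
        "https://acme.invalid/authz/3",
    ],
}
SAMPLE_AUTHZ = {  # what fetching each authorization URL would return (constructed)
    "https://acme.invalid/authz/1": {"status": "pending", "wildcard": True,
        "identifier": {"type": "dns", "value": "example.org"}},
    "https://acme.invalid/authz/2": {"status": "valid",
        "identifier": {"type": "dns", "value": "example.org"}},
    "https://acme.invalid/authz/3": {"status": "pending",
        "identifier": {"type": "dns", "value": "www.example.org"}},
}

def authz_key(authz):
    """Return (type, name) as the name would appear in the order's identifiers."""
    ident = authz["identifier"]
    value = ident["value"].lower()
    # A wildcard authorization carries the base domain plus "wildcard": true.
    if authz.get("wildcard"):
        value = "*." + value
    return ident["type"], value

def map_authorizations(order, fetch_authz):
    """Map identifier name -> authorization, never assuming matching positions.

    fetch_authz is a hypothetical callable that returns the parsed
    authorization object for a URL. Returns (mapping, missing), where
    missing lists order identifiers that no returned authorization covers.
    """
    wanted = {(i["type"], i["value"].lower()) for i in order["identifiers"]}
    mapping = {}
    for url in order["authorizations"]:
        authz = fetch_authz(url)
        key = authz_key(authz)
        if key not in wanted:  # refuse to act on an authz we did not ask for
            raise ValueError(f"{url} covers unexpected identifier {key}")
        mapping[key[1]] = {"url": url, "status": authz["status"]}
    missing = sorted(v for _, v in wanted if v not in mapping)
    return mapping, missing
```

The `missing` list lets the caller decide how to treat an order that returns fewer authorizations than identifiers instead of failing on an index lookup.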
