Dear Let's Encrypt team and community,
we are using the acme-python plugin within our Certificate Management Service. We support DNS as the main domain validation type, and starting to also support http01 validation.
I was wondering, if a SAN certificate request would be able to mix the validation types for each of the domains.
This would be required to support wildcard domains within the SAN, where we need to use the DNS validation method.
The order usually looks something like this, where each authorization contains all supported validation types:
{
"status": "pending",
"expires": "2020-10-08T20:54:46Z",
"identifiers": [
{
"type": "dns",
"value": "domain2.com"
},
{
"type": "dns",
"value": "domain3.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz/#identifier",
"https://acme-v02.api.letsencrypt.org/acme/authz/#identifier",
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/#account/#identifier"
}
First Authorization
{
"identifier": {
"type": "dns",
"value": "domain2.com"
},
"status": "pending",
"expires": "2020-10-08T20:54:46Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/#identifier",
"token": "#TOKEN"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/#identifier",
"token": "#TOKEN"
},
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/challenge/#identifier",
"token": "#TOKEN"
}
]
}