I’m finishing up a sprint on some features for our SSL Cert Manager (which is v1) and have a small question about how letsencrypt/boulder/acme handles some things.
Our client is based off an earlier version of the acme-tiny library (which now hits the v2 endpoint).
The flow I see is this:
/acme/new-reg is hit with the account key if not registered before
/acme/new-authz is hit for each domain to be validated with the account key; challenges are validated
/acme/new-cert is hit with the csr and account key
So my understanding is the csr (or a token/session relating to it) is only sent to /new-cert; any relationship of the CSR between the /new-authz and /new-cert is happening through the shared account key on boulder.
Is that right, or am I just missing something? I expected the csr to be related to the auth and cert commands.