Hi @serverco, @Spydar007:
I checked into this for you and it looks to me like you might have fallen into the case I described on an update to the authz announcement thread:
If your client creates an authorization object and expects to solve multiple challenges it will appear as though some of the challenges are stuck in a pending state. Once the first challenge for an authorization is satisfied and valid the overall authorization changes to valid and no subsequent challenges will be updated. E.g. if I create an authorization and complete the http-01 challenge the authorization will be marked valid and the dns-01 and sni-01 challenges will remain in a pending state.
When I checked the production server logs I can see that the overall authorization for
spydar007.net is valid, and was confirmed by way of a
http-01 challenge (which itself is marked valid). The
tls-sni-01 challenges for the authorization are marked pending. Since we have a valid authz already we won’t verify the DNS-01 challenge for this identifier/account.
Does this make sense given what you two know so-far? If so I would recommend the client code be updated to evaluate the overall authorization record instead of the individual challenges.