Indeed - as @Osiris (Thanks!) points out, there isn’t a draft snapshot that captures the TLS-SNI-01 challenge as it exists in Boulder. Draft-01 is close, but there were changes made that weren’t captured before the TLS-SNI-02 challenge replaced TLS-SNI-01 outright in Draft-02. Unfortunate side-effect of the IETF draft process and a living document.
Sure! There are two functions you’ll want to look at in the Validation Authority:
There are also lots of open source ACME clients you could refer to that implement TLS-SNI-01: Certbot, acme.sh, etc.
I’ll see about updating the divergences document in the Boulder repo to provide a link to a more concrete description of the TLS-SNI-01 challenge implementation since there isn’t a numbered draft that captures it. Thanks for raising the question!