Open augjoh opened 3 years ago
This is correct. However, Certbot overrides any identifier type and always sends dns when making a new order. In particular, it uses IdentifierType.IDENTIFIER_FQDN (see certbot code). Aware of this issue, I had two options:
email-reply-00 challenge only specifies one identifier type, I adapted the backend to support dns and email identifier types when email-reply-00 is used. This is not 100% RFC compliant but it achieves the objective. I do not know the future plans of Certbot or even whether the email-reply-00 challenge will be supported. I hope it will, but in the meantime, I provide this temporary solution.
When ordering an identifier, type dns is used. An RFC8823 conformant order should have type set to email. Please see https://datatracker.ietf.org/doc/html/rfc8823#section-3 for more information.
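
An added example, not code from this project or from Certbot: one way a backend could accept both identifier types as the reply above describes, normalizing each identifier to the RFC 8823 email type and offering only email-reply-00. The function names, the `compat_dns_as_email` switch and the simplified address pattern are assumptions made for illustration.

```python
import re

# Simplified mailbox pattern for this example (assumption); a real server
# would apply its full RFC 5321 address validation here.
MAILBOX = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")


class AcmeProblem(ValueError):
    """Carries the RFC 8555 error type to return in the problem document."""

    def __init__(self, acme_type, detail):
        super().__init__(detail)
        self.acme_type = "urn:ietf:params:acme:error:" + acme_type


def normalize_identifier(identifier, compat_dns_as_email=True):
    """Map one newOrder identifier to an email authorization plan.

    compat_dns_as_email (hypothetical switch) tolerates clients that send
    type "dns" with an email address as the value.
    """
    id_type = identifier.get("type")
    value = identifier.get("value")
    if id_type == "email":
        compat = False
    elif id_type == "dns" and compat_dns_as_email:
        compat = True
    else:
        raise AcmeProblem("unsupportedIdentifier", f"type {id_type!r} not accepted")
    # Whatever the declared type, the value must be a mailbox. A plain host
    # name sent as "dns" is rejected, so the leniency cannot be used to
    # request a certificate for a domain name.
    if not isinstance(value, str) or not MAILBOX.fullmatch(value):
        raise AcmeProblem("rejectedIdentifier", "value is not an email address")
    return {
        "identifier": {"type": "email", "value": value},  # normalized to the RFC 8823 type
        "challenges": ["email-reply-00"],  # never a DNS or HTTP challenge
        "compat": compat,  # records that the client sent "dns"
    }


def plan_order(payload, compat_dns_as_email=True):
    """Normalize every identifier of a newOrder payload, failing closed."""
    identifiers = payload.get("identifiers") or []
    if not identifiers:
        raise AcmeProblem("malformed", "order contains no identifiers")
    return [normalize_identifier(i, compat_dns_as_email) for i in identifiers]
```

Calling `plan_order` with `compat_dns_as_email=False` gives the strict RFC 8823 behaviour, which makes the leniency easy to switch off once clients send the email type.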