Problem
Currently, if a certificate request fails one of its authz, there is very little logging as to what caused it. In certificates with large numbers of alt_names, it is very difficult to diagnose which domain failed its HTTP auth or figure out the specific reason why it failed, leading to a headache for DNS admins using this on anything other than trivial instances.
Fix
Adjust the block that triggers the fail so that it includes some additional information about what the failure is, and include it in the output of the Chef run.
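A sketch of the kind of per-domain failure report described above, added here as an illustration and not taken from the cookbook or this change. It assumes the authorizations are available as parsed RFC 8555 authorization objects; the function names `authz_failures` and `failure_report` and the sample data are constructed for the example.

```ruby
require 'json'

# Constructed sample: ACME authorization objects in the RFC 8555 JSON shape,
# as a server could return them for a three-name certificate order.
SAMPLE_AUTHZ_JSON = <<~JSON
  [
    {"identifier": {"type": "dns", "value": "www.example.org"},
     "status": "valid",
     "challenges": [{"type": "http-01", "status": "valid"}]},
    {"identifier": {"type": "dns", "value": "api.example.org"},
     "status": "invalid",
     "challenges": [
       {"type": "http-01", "status": "invalid",
        "error": {"type": "urn:ietf:params:acme:error:connection",
                  "detail": "Connection refused"}},
       {"type": "dns-01", "status": "pending"}]},
    {"identifier": {"type": "dns", "value": "old.example.org"},
     "status": "invalid",
     "challenges": [
       {"type": "http-01", "status": "invalid",
        "error": {"type": "urn:ietf:params:acme:error:unauthorized",
                  "detail": "Invalid response from challenge URL: 404"}}]}
  ]
JSON

# Returns one line per failure: domain, challenge type, ACME error type, detail.
# Every authorization whose status is not "valid" is reported.
def authz_failures(authorizations)
  authorizations.reject { |a| a['status'] == 'valid' }.map do |authz|
    domain = authz.dig('identifier', 'value') || '(unknown identifier)'
    failed = Array(authz['challenges']).select { |c| c['status'] == 'invalid' }
    # An authz can be expired or deactivated with no challenge carrying an error.
    next "#{domain}: authorization status #{authz['status']}, no challenge error reported" if failed.empty?
    failed.map do |c|
      err = c['error'] || {}
      "#{domain}: #{c['type']} failed (#{err['type'] || 'no error type'}) #{err['detail']}".strip
    end
  end.flatten
end

# Builds the message a recipe could pass to `raise` or Chef::Log.error;
# returns nil when every authorization is valid.
def failure_report(common_name, authorizations)
  lines = authz_failures(authorizations)
  return nil if lines.empty?
  "Validation failed for #{common_name}:\n" + lines.map { |l| "  - #{l}" }.join("\n")
end

puts failure_report('www.example.org', JSON.parse(SAMPLE_AUTHZ_JSON)) if $PROGRAM_NAME == __FILE__
```
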