Describe the bug
An unexpected error is seen when attempting to request a certificate when the ACME server returns an Authorization object where the status is already valid when the Order is created. This can be the case when a requested domain has been pre-verified in the ACME account. In these cases g. the status of the Authorization will be valid without the ACME client needing to deploy a DNS secret to prove domain control.
To Reproduce
Steps to reproduce the behavior:
Establish an ACME account with an CA that support ACME pre-authorization or out-of-band domain verification
Request a certificate for a domain that has been pre-verified
Observe that the following error is raised:
Orchestrator function 'IssueCertificate' failed: The activity function 'Dns01Authorization' failed: "DNS-01 cannot be used for domains for which a certificate has already been issued using HTTP-01.". See the function execution logs for additional details.
Environment (please complete the following information):
Certificate Type: Sub-domain
Certificate Deploy Target: App Service
Additional context
Example JSON of a Authorization object response that triggers the error.
{"identifier":{"type":"dns","value":"test1.testcertificates.com"},"status":"valid","challenges":[],"wildcard":false}
Thanks for the feedback. We were not aware of that case, we would like to review the PR and if it is not a problem, we would like to go through to the release.
Describe the bug An unexpected error is seen when attempting to request a certificate when the ACME server returns an Authorization object where the status is already valid when the Order is created. This can be the case when a requested domain has been pre-verified in the ACME account. In these cases g. the status of the Authorization will be valid without the ACME client needing to deploy a DNS secret to prove domain control.
To Reproduce Steps to reproduce the behavior:
Environment (please complete the following information):
Additional context
Example JSON of a Authorization object response that triggers the error.
{"identifier":{"type":"dns","value":"test1.testcertificates.com"},"status":"valid","challenges":[],"wildcard":false}