mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-03-31 08:01:35 +02:00
418f0c0bbe
If server returns an auth with status valid it seems that client needs to always skip it, CA can recycle authorizations, without this change haproxy fails to obtain certificates in that case. It is also something that is explicitly allowed and stated in the dns-persist-01 draft RFC. Note that it would be better to change how haproxy does status polling, and implements the state machine, but that will take some thought and time, this patch is a quick fix of the problem. See: https://github.com/letsencrypt/boulder/issues/2125 https://github.com/letsencrypt/pebble/issues/133 This must be backported to 3.2 and later.