Timothe Litt

Don't get too excited about preauth. https://github.com/letsencrypt/boulder/blob/master/docs/acme-divergences.md Section 7.4.1 Pre-authorization is an optional feature and we have no plans to implement it. V2 clients should use order based issuance without...

I don't think it's quite that simple. Besides finding the authz, you also have to validate that the client can see the token before completing the authz. E.g. if the...

I don't object to exporting `GETSSL_DEBUG`, but I have some reservations about how it would be used. `getssl`'s `-d` is not very granular. I found that when debugging the DNS...

Or at least add to the message - one doesn't expect creating a file to take very long. How about: info "Contacting ${DOMAIN} to determine other host names" Perhaps trap...

Good idea. That should work. Perhaps '2' should be a variable. I still think that there should be a message indicating that the server is being contacted; if s_client happens...

I got that. I like the solution. But look at it from the user's POV. The terminal output is: creating domain **config file** in ... If something is making a...

I will experiment with this & add it to my PR if it works out. Thanks for the prod.

It turns out that `wait -n` requires bash 4.3. I made the timeout conditional and configurable. Doesn't seem worth trying to figure out another approach. I've updated my fork, which...

Might want to have tests verify that `.well-known/acme-challenge` is empty after tests (or depending on your test setup, have the same contents as before each test). Same for DNS `_acme-challenge...

Not sure this is a good idea, especially on the fly. It creates a directory in the webserver tree; a typo in the ACL might be problematic. In addition, there's...