On Mon, Feb 23, 2026 at 01:04:46AM +0200, Mia Kanashi wrote: > Subject: [PATCH] BUG/MEDIUM: acme: skip doing challenge if it is already valid > If server returns an auth with status valid it seems that client > needs to always skip it, CA can recycle authorizations, without > this change haproxy fails to obtain certificates in that case. > It is also something that is explicitly allowed and stated > in the dns-persist-01 draft RFC. > > Note that it would be better to change how haproxy does status polling, > and implements the state machine, but that will take some thought > and time, this patch is a quick fix of the problem. > > See: > https://github.com/letsencrypt/boulder/issues/2125 > https://github.com/letsencrypt/pebble/issues/133
Still under my radar but I didn't had time this week to test that. -- William Lallemand
