Merge 0a8d4912a0 into 5072d7a58f

1 month ago · 65d9c1f06b
parent 5072d7a58f 0a8d4912a0
commit 65d9c1f06b
2 changed files with 10 additions and 6 deletions
--- a/acme/api/order.go
+++ b/acme/api/order.go
@ -269,11 +269,18 @@ func newAuthorization(ctx context.Context, az *acme.Authorization) error {
 			Token:     az.Token,
 			Status:    acme.StatusPending,
 		}
+
 		if err := db.CreateChallenge(ctx, ch); err != nil {
 			return acme.WrapErrorISE(err, "error creating challenge")
 		}
 		az.Challenges = append(az.Challenges, ch)
 	}
+
+	//If no challenges were created, set authorization status as valid.
+	if len(az.Challenges) == 0 {
+		az.Status = acme.StatusValid
+	}
+
 	if err = db.CreateAuthorization(ctx, az); err != nil {
 		return acme.WrapErrorISE(err, "error creating authorization")
 	}
--- a/authority/provisioner/acme.go
+++ b/authority/provisioner/acme.go
@ -286,13 +286,10 @@ func (p *ACME) AuthorizeRenew(ctx context.Context, cert *x509.Certificate) error
 	return p.ctl.AuthorizeRenew(ctx, cert)
 }

-// IsChallengeEnabled checks if the given challenge is enabled. By default
-// http-01, dns-01 and tls-alpn-01 are enabled, to disable any of them the
-// Challenge provisioner property should have at least one element.
+// IsChallengeEnabled checks if the given challenge is enabled.
+// Leave the challenges empty to skip challenge validation.
 func (p *ACME) IsChallengeEnabled(_ context.Context, challenge ACMEChallenge) bool {
-	enabledChallenges := []ACMEChallenge{
-		HTTP_01, DNS_01, TLS_ALPN_01,
-	}
+	enabledChallenges := []ACMEChallenge{}
 	if len(p.Challenges) > 0 {
 		enabledChallenges = p.Challenges
 	}