Added support for retrieving certificates when asynchronous order finalization is enabled on the ACME server-side.#64
Open
CodeAdminDe wants to merge 2 commits intoafosto:masterfrom
Open
Conversation
…alization is enabled on the ACME server-side. // see: https://community.letsencrypt.org/t/enabling-asynchronous-order-finalization/193522 Description: The `getCertificate()` method in the `Client` class has been updated to handle cases where the certificate is not immediately available and retries fetching the certificate until it becomes valid. This commit also introduces a new (private) method `getCertificateChain()` in the `Client` class, which is used to fetch the certificate chain from the ACME API to avoid implementing the same code multiple times. Additionally, the `Order` class has been updated to include the new `certificate` property and a corresponding `getCertificate()` getter method.
fixed typo `getCertficateChain` => `getCertificateChain`
statio
added a commit
to statio/yaac
that referenced
this pull request
Mar 4, 2025
Merge PR afosto#64 from Upstream
binsky08
reviewed
Jul 14, 2025
| $chain = $this->getCertificateChain($data['certificate']); | ||
| } else { | ||
| if ('processing' == $data['status']) { | ||
| sleep(ceil(15 / $maxAttempts)); |
There was a problem hiding this comment.
Not sure if sleep(ceil(15 / $maxAttempts)); is a good approach here. We should better use a timeout-interval or maxAttempts-interval configuration combination.
may adding $interval = 1 to the function header as third parameter offers more flexibility (and a more obvious linear sleep interval)
beside this, it looks like the sleep should be within the loop?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Desc
This fixes issue #63, which is due to the following (partially planned) change at the ACME server implementation level:
https://community.letsencrypt.org/t/enabling-asynchronous-order-finalization/193522
Tests
I've tested it against LE Staging & LE Live successfully.
Implementation details
The
getCertificate()method in theClientclass has been updated to handle cases where the certificate is not immediately available and retries fetching the certificate until it becomes valid.This also introduces a new (private) method
getCertificateChain()in theClientclass, which is used to fetch the certificate chain from the ACME API to avoid implementing the same code multiple times.Additionally, the
Orderclass has been updated to include the newcertificateproperty and a correspondinggetCertificate()getter method.