From 117bd824368ee1712f4095b405184ca13dad982b Mon Sep 17 00:00:00 2001
From: siddharth <s@ricketyspace.net>
Date: Fri, 16 Apr 2021 21:22:35 -0400
Subject: acmens.py: update sign_csr

* acmens.py (sign_csr): Update _do_challenge; add handling to fallback
to http-01 challenge if dns-01 is preferred but not available.
---
 acmens.py | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'acmens.py')

diff --git a/acmens.py b/acmens.py
index 9946ba1..1a856c0 100644
--- a/acmens.py
+++ b/acmens.py
@@ -134,8 +134,20 @@ def sign_csr(account_key, csr, email=None, challenge_type="http"):
         )
         domain = chl_result["identifier"]["value"]
 
-        type_id = "dns-01" if challenge_type == "dns" else "http-01"
-        challenge = [c for c in chl_result["challenges"] if c["type"] == type_id][0]
+        # Choose challenge.
+        preferred_type = "dns-01" if challenge_type == "dns" else "http-01"
+        challenge = None
+        http_challenge = None
+        for c in chl_result["challenges"]:
+            if c["type"] == preferred_type:
+                challenge = c
+            if c["type"] == "http-01":
+                http_challenge = c
+        if challenge is None:
+            if http_challenge is None:
+                sys.stderr.write("Error: Unable to find challenges!")
+                sys.exit(1)
+            challenge = http_challenge  # Fallback to http challenge.
         keyauthorization = "{0}.{1}".format(challenge["token"], thumbprint)
         dns_payload = _b64(hashlib.sha256(keyauthorization.encode()).digest())
 
-- 
cgit v1.2.3