+ # TODO: collect dns modifications per primary NS, update all at once
+ p "Cert #{cert_name}: Iterating over required authorizations"
+ begin
+ retries ||= 0
+ auths = order.authorizations
+ rescue Acme::Client::Error::BadNonce
+ retries += 1
+ p 'Retrying because of invalid nonce.'
+ retry if retries <= 5
+ end
+ auths.each do |auth|
+ p "Cert #{cert_name}: Processing authorization for #{auth.domain}"
+ p "Cert #{cert_name}: Finding challenge type for #{auth.domain}"
+ # p "Cert #{cert_name}: auth is:"
+ # pp auth
+ if auth.status == 'valid'
+ p "Cert #{cert_name}: Authorization for #{auth.domain} is still valid, skipping"
+ next
+ end
+
+ challenge = auth.dns01
+ primary_ns = config.dig('domains', auth.domain, 'primary_ns') || config.dig('defaults', 'domains', 'primary_ns')
+ deploy_dns01_challenge_token(auth.domain, challenge, primary_ns, config)
+ wait_for_challenge_propagation(auth.domain, challenge)
+ wait_for_challenge_validation(challenge, cert_name)
+ end
+ else
+ p "Cert #{cert_name}: Order is ready, we don’t need to authorize"
+ end
+ domain_key = read_cert_key(cert_name)
+
+ get_cert(order, cert_name, cert_opts['domain_names'], domain_key)
+ end