ACME: implement dns-account-01 challenge type (#996)

* Implement dns-account-01. * Bump draft versions. * dns-account-01 implementation changed in Pebble; only the one used by ansible-core 2.21/devel's ACME simulator matches the latest draft.
2026-05-08 06:13:03 +00:00 · 2026-03-29 20:49:33 +02:00
parent 4a7d18cad5
commit b1ae295fb7
10 changed files with 182 additions and 38 deletions
--- a/plugins/modules/acme_certificate_order_validate.py
+++ b/plugins/modules/acme_certificate_order_validate.py
@@ -65,11 +65,13 @@ options:
      - In case of authorization reuse, or in case of CAs which use External Account Binding
        and other means of validating certificate assurance, it might not be necessary
        to provide this option.
+      - Support for V(dns-account-01) has been added in community.crypto 3.2.0.
    type: str
    choices:
-      - 'http-01'
-      - 'dns-01'
-      - 'tls-alpn-01'
+      - http-01
+      - dns-01
+      - dns-account-01
+      - tls-alpn-01
  order_uri:
    description:
      - The order URI provided by RV(community.crypto.acme_certificate_order_create#module:order_uri).
@@ -246,7 +248,10 @@ def main() -> t.NoReturn:
    argument_spec = create_default_argspec(with_certificate=False)
    argument_spec.update_argspec(
        order_uri={"type": "str", "required": True},
-        challenge={"type": "str", "choices": ["http-01", "dns-01", "tls-alpn-01"]},
+        challenge={
+            "type": "str",
+            "choices": ["http-01", "dns-01", "dns-account-01", "tls-alpn-01"],
+        },
        deactivate_authzs={"type": "bool", "default": True},
    )
    module = argument_spec.create_ansible_module()