From 58e4d337e4eaa93de9ca0fdeb661df5ecdb1e50e Mon Sep 17 00:00:00 2001
From: neilpang <github@byneil.com>
Date: Sun, 26 Feb 2017 12:07:06 +0800
Subject: [PATCH] clear the pending authz when issue error fix bug
 https://github.com/Neilpang/acme.sh/issues/663

---
 acme.sh | 59 ++++++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 44 insertions(+), 15 deletions(-)

diff --git a/acme.sh b/acme.sh
index 3def82a0..f11f1f07 100755
--- a/acme.sh
+++ b/acme.sh
@@ -2819,6 +2819,7 @@ _on_before_issue() {
 
 _on_issue_err() {
   _chk_post_hook="$1"
+  _chk_vlist="$2"
   _debug _on_issue_err
   if [ "$LOG_FILE" ]; then
     _err "Please check log file for more details: $LOG_FILE"
@@ -2827,10 +2828,6 @@ _on_issue_err() {
     _err "See: $_DEBUG_WIKI"
   fi
 
-  if [ "$DEBUG" ] && [ "$DEBUG" -gt "0" ]; then
-    _debug "$(_dlg_versions)"
-  fi
-
   #run the post hook
   if [ "$_chk_post_hook" ]; then
     _info "Run post hook:'$_chk_post_hook'"
@@ -2841,6 +2838,28 @@ _on_issue_err() {
       return 1
     fi
   fi
+
+  #trigger the validation to flush the pending authz
+  if [ "$_chk_vlist" ]; then
+    (
+    _debug2 "_chk_vlist" "$_chk_vlist"
+    _debug2 "start to deactivate authz"
+    ventries=$(echo "$_chk_vlist" | tr "$dvsep" ' ')
+    for ventry in $ventries; do
+      d=$(echo "$ventry" | cut -d "$sep" -f 1)
+      keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
+      uri=$(echo "$ventry" | cut -d "$sep" -f 3)
+      vtype=$(echo "$ventry" | cut -d "$sep" -f 4)
+      _currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5)
+      __trigger_validaton "$uri" "$keyauthorization"
+    done
+    )
+  fi
+
+  if [ "$DEBUG" ] && [ "$DEBUG" -gt "0" ]; then
+    _debug "$(_dlg_versions)"
+  fi
+
 }
 
 _on_issue_success() {
@@ -3053,6 +3072,16 @@ __get_domain_new_authz() {
 
 }
 
+#uri keyAuthorization
+__trigger_validaton() {
+  _debug2 "tigger domain validation."
+  _t_url="$1"
+  _debug2 _t_url "$_t_url"
+  _t_key_authz="$2"
+  _debug2 _t_key_authz "$_t_key_authz"
+  _send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"keyAuthorization\": \"$_t_key_authz\"}"
+}
+
 #webroot, domain domainlist  keylength 
 issue() {
   if [ -z "$2" ]; then
@@ -3366,7 +3395,7 @@ issue() {
         _startserver "$keyauthorization" "$_ncaddr" &
         if [ "$?" != "0" ]; then
           _clearup
-          _on_issue_err "$_post_hook"
+          _on_issue_err "$_post_hook" "$vlist"
           return 1
         fi
         serverproc="$!"
@@ -3382,7 +3411,7 @@ issue() {
         BACKUP_NGINX_CONF=""
         if ! _setNginx "$d" "$_currentRoot" "$thumbprint"; then
           _clearup
-          _on_issue_err "$_post_hook"
+          _on_issue_err "$_post_hook" "$vlist"
           return 1
         fi
 
@@ -3417,7 +3446,7 @@ issue() {
           _err "$d:Can not write token to file : $wellknown_path/$token"
           _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
           _clearup
-          _on_issue_err "$_post_hook"
+          _on_issue_err "$_post_hook" "$vlist"
           return 1
         fi
 
@@ -3462,16 +3491,16 @@ issue() {
         _err "Start tls server error."
         _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
         _clearup
-        _on_issue_err "$_post_hook"
+        _on_issue_err "$_post_hook" "$vlist"
         return 1
       fi
     fi
 
-    if ! _send_signed_request "$uri" "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}"; then
+    if ! __trigger_validaton "$uri" "$keyauthorization"; then
       _err "$d:Can not get challenge: $response"
       _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
       _clearup
-      _on_issue_err "$_post_hook"
+      _on_issue_err "$_post_hook" "$vlist"
       return 1
     fi
 
@@ -3479,7 +3508,7 @@ issue() {
       _err "$d:Challenge error: $response"
       _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
       _clearup
-      _on_issue_err "$_post_hook"
+      _on_issue_err "$_post_hook" "$vlist"
       return 1
     fi
 
@@ -3494,7 +3523,7 @@ issue() {
         _err "$d:Timeout"
         _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
         _clearup
-        _on_issue_err
+        _on_issue_err "$_post_hook" "$vlist"
         return 1
       fi
 
@@ -3506,7 +3535,7 @@ issue() {
         _err "$d:Verify error:$response"
         _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
         _clearup
-        _on_issue_err "$_post_hook"
+        _on_issue_err "$_post_hook" "$vlist"
         return 1
       fi
       _debug2 original "$response"
@@ -3541,7 +3570,7 @@ issue() {
         fi
         _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
         _clearup
-        _on_issue_err "$_post_hook"
+        _on_issue_err "$_post_hook" "$vlist"
         return 1
       fi
 
@@ -3551,7 +3580,7 @@ issue() {
         _err "$d:Verify error:$response"
         _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
         _clearup
-        _on_issue_err "$_post_hook"
+        _on_issue_err "$_post_hook" "$vlist"
         return 1
       fi