If you're going to make this change I'd also consider changing
authorizations so that the failure of individual challenges is nonfatal
to the authorization if there are other challenges which could be
completed to satisfy the authorization. This would be useful in addition
to the ability to retry
I think the TOS URI mechanism should be preserved, and the specification
should be changed to state that if no new act of assent is required,
the URI stored in a registration should be updated to match it
automatically.
> I think this may be where we are not understanding each other. This is
>
Summary:
By issuing a single certificate with Subject Alternate Names to cover multiple
domains, LetsEncrypt can leak the IP of an origin server that is behind a
service such as Cloudflare. This increases the risk of DDOS attack.
Scenario:
1. I run a VPS that, through Apache Virtual Hosts,