🔱: [acme] sync upgrade with 6 commits [trident-sync]

Bump v5.4.0 Bump dependencies Retry HTTP requests on server errors or when rate limited Forgot to refresh directory timestamp after successful get Add utility method tests
🔱: [acme] sync upgrade with 5 commits [trident-sync]
2026-04-14 12:30:54 +08:00 · 2024-07-16 19:24:08 +00:00 · 2024-07-15 19:24:17 +00:00 · 2024-05-23 19:24:12 +00:00 · 2024-05-22 19:24:07 +00:00 · 2024-05-21 19:24:05 +00:00
44 changed files with 687 additions and 569 deletions
--- a/packages/core/acme-client/.eslintrc.yml
+++ b/packages/core/acme-client/.eslintrc.yml
@@ -9,15 +9,8 @@ env:
 rules:
  indent: [2, 4, { SwitchCase: 1, VariableDeclarator: 1 }]
  brace-style: [2, 'stroustrup', { allowSingleLine: true }]
  space-before-function-paren: [2, { anonymous: 'never', named: 'never' }]
  func-names: 0
  prefer-destructuring: 0
  object-curly-newline: 0
  class-methods-use-this: 0
  wrap-iife: [2, 'inside']
  no-param-reassign: 0
  comma-dangle: [2, 'never']
  max-len: [1, 200, 2, { ignoreUrls: true, ignoreComments: false }]
  no-multiple-empty-lines: [2, { max: 2, maxBOF: 0, maxEOF: 0 }]
  prefer-object-spread: 0
  import/no-useless-path-segments: 0
--- a/packages/core/acme-client/.github/scripts/tests-install-cts.sh
+++ b/packages/core/acme-client/.github/scripts/tests-install-cts.sh
@@ -5,8 +5,10 @@
 set -euo pipefail
 # Download and install
-wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLECTS_VERSION}/pebble-challtestsrv_linux-amd64" -O /usr/local/bin/pebble-challtestsrv
+wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLECTS_VERSION}/pebble-challtestsrv-linux-amd64.tar.gz" -O /tmp/pebble-challtestsrv.tar.gz
 tar zxvf /tmp/pebble-challtestsrv.tar.gz -C /tmp
 mv /tmp/pebble-challtestsrv-linux-amd64/linux/amd64/pebble-challtestsrv /usr/local/bin/pebble-challtestsrv
 chown root:root /usr/local/bin/pebble-challtestsrv
 chmod 0755 /usr/local/bin/pebble-challtestsrv
--- a/packages/core/acme-client/.github/scripts/tests-install-pebble.sh
+++ b/packages/core/acme-client/.github/scripts/tests-install-pebble.sh
@@ -22,12 +22,14 @@ wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION
 wget -nv "https://raw.githubusercontent.com/letsencrypt/pebble/v${PEBBLE_VERSION}/test/config/${CONFIG_NAME}" -O /etc/pebble/pebble.json
 # Download and install Pebble
-wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLE_VERSION}/pebble_linux-amd64" -O /usr/local/bin/pebble
+wget -nv "https://github.com/letsencrypt/pebble/releases/download/v${PEBBLE_VERSION}/pebble-linux-amd64.tar.gz" -O /tmp/pebble.tar.gz
 tar zxvf /tmp/pebble.tar.gz -C /tmp
 mv /tmp/pebble-linux-amd64/linux/amd64/pebble /usr/local/bin/pebble
 chown root:root /usr/local/bin/pebble
 chmod 0755 /usr/local/bin/pebble
 # Config
-sed -i 's/test\/certs\/localhost/\/etc\/pebble/' /etc/pebble/pebble.json
+sed -i 's#test/certs/localhost#/etc/pebble#' /etc/pebble/pebble.json
 exit 0
--- a/packages/core/acme-client/.github/workflows/tests.yml
+++ b/packages/core/acme-client/.github/workflows/tests.yml
@@ -1,4 +1,3 @@
 ---
 name: test
 on: [push, pull_request]
@@ -12,7 +11,6 @@ jobs:
        node: [16, 18, 20]
        eab: [0, 1]
    #
    # Environment
    #
@@ -21,9 +19,9 @@ jobs:
      FORCE_COLOR: 1
      NPM_CONFIG_COLOR: always
-      PEBBLE_VERSION: 2.3.1
+      PEBBLE_VERSION: 2.6.0
      PEBBLE_ALTERNATE_ROOTS: 2
-      PEBBLECTS_VERSION: 2.3.1
+      PEBBLECTS_VERSION: 2.6.0
      PEBBLECTS_DNS_PORT: 8053
      COREDNS_VERSION: 1.11.1
@@ -41,7 +39,6 @@ jobs:
      ACME_HTTP_PORT: 5002
      ACME_HTTPS_PORT: 5003
    #
    # Pipeline
    #
--- a/packages/core/acme-client/.gitignore
+++ b/packages/core/acme-client/.gitignore
@@ -1,3 +1,4 @@
 .actrc
 .vscode/
 node_modules/
 npm-debug.log
--- a/packages/core/acme-client/CHANGELOG.md
+++ b/packages/core/acme-client/CHANGELOG.md
@@ -1,9 +1,20 @@
 # Changelog
 ## v5.4.0 (2024-07-16)
 * `added` Directory URLs for [Google](https://cloud.google.com/certificate-manager/docs/overview) ACME provider
 * `fixed` Invalidate ACME provider directory cache after 24 hours
 * `fixed` Retry HTTP requests on server errors or when rate limited - [#89](https://github.com/publishlab/node-acme-client/issues/89)
 ## v5.3.1 (2024-05-22)
 * `fixed` Allow `client.auto()` being called with an empty CSR common name
 * `fixed` Bug when calling `updateAccountKey()` with external account binding
 ## v5.3.0 (2024-02-05)
 * `added` Support and tests for satisfying `tls-alpn-01` challenges
-* `changed` Replace `jsrsasign` with `@peculiar/x509` for certificate and CSR generation and parsing
+* `changed` Replace `jsrsasign` with `@peculiar/x509` for certificate and CSR handling
 * `changed` Method `getChallengeKeyAuthorization()` now returns `$token.$thumbprint` when called with a `tls-alpn-01` challenge
    * Previously returned base64url encoded SHA256 digest of `$token.$thumbprint` erroneously
    * This change is not considered breaking since the previous behavior was incorrect
@@ -32,7 +43,7 @@
 * `fixed` Upgrade `axios@0.26.1`
 * `fixed` Upgrade `node-forge@1.3.0` - [CVE-2022-24771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24771), [CVE-2022-24772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24772), [CVE-2022-24773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24773)
-## 4.2.4 (2022-03-19)
+## v4.2.4 (2022-03-19)
 * `fixed` Use SHA-256 when signing CSRs
--- a/packages/core/acme-client/README.md
+++ b/packages/core/acme-client/README.md
@@ -10,7 +10,7 @@ This module is written to handle communication with a Boulder/Let's Encrypt-styl
 ## Compatibility
 | acme-client | Node.js |                                           |
-| ------------- | --------- | ----------------------------------------- |
+| ----------- | ------- | ----------------------------------------- |
 | v5.x        | >= v16  | [Upgrade guide](docs/upgrade-v5.md)       |
 | v4.x        | >= v10  | [Changelog](CHANGELOG.md#v400-2020-05-29) |
 | v3.x        | >= v8   | [Changelog](CHANGELOG.md#v300-2019-07-13) |
@@ -49,7 +49,7 @@ const accountPrivateKey = '<PEM encoded private key>';
 const client = new acme.Client({
    directoryUrl: acme.directory.letsencrypt.staging,
-    accountKey: accountPrivateKey
+    accountKey: accountPrivateKey,
 });
 ```
@@ -59,6 +59,9 @@ const client = new acme.Client({
 acme.directory.buypass.staging;
 acme.directory.buypass.production;
 acme.directory.google.staging;
 acme.directory.google.production;
 acme.directory.letsencrypt.staging;
 acme.directory.letsencrypt.production;
@@ -75,8 +78,8 @@ const client = new acme.Client({
    accountKey: accountPrivateKey,
    externalAccountBinding: {
        kid: 'YOUR-EAB-KID',
-        hmacKey: 'YOUR-EAB-HMAC-KEY'
+        hmacKey: 'YOUR-EAB-HMAC-KEY',
-    }
+    },
 });
 ```
@@ -90,7 +93,7 @@ In some cases, for example with some EAB providers, this account creation step m
 const client = new acme.Client({
    directoryUrl: acme.directory.letsencrypt.staging,
    accountKey: accountPrivateKey,
-    accountUrl: 'https://acme-v02.api.letsencrypt.org/acme/acct/12345678'
+    accountUrl: 'https://acme-v02.api.letsencrypt.org/acme/acct/12345678',
 });
 ```
@@ -113,8 +116,7 @@ const privateRsaKey = await acme.crypto.createPrivateRsaKey();
 const privateEcdsaKey = await acme.crypto.createPrivateEcdsaKey();
 const [certificateKey, certificateCsr] = await acme.crypto.createCsr({
-    commonName: '*.example.com',
+    altNames: ['example.com', '*.example.com'],
    altNames: ['example.com']
 });
 ```
@@ -139,7 +141,7 @@ const autoOpts = {
    email: 'test@example.com',
    termsOfServiceAgreed: true,
    challengeCreateFn: async (authz, challenge, keyAuthorization) => {},
-    challengeRemoveFn: async (authz, challenge, keyAuthorization) => {}
+    challengeRemoveFn: async (authz, challenge, keyAuthorization) => {},
 };
 const certificate = await client.auto(autoOpts);
@@ -156,7 +158,7 @@ To modify challenge priority, provide a list of challenge types in `challengePri
 ```js
 await client.auto({
    ...,
-    challengePriority: ['http-01', 'dns-01']
+    challengePriority: ['http-01', 'dns-01'],
 });
 ```
@@ -171,7 +173,7 @@ To completely disable `acme-client`s internal challenge verification, enable `sk
 ```js
 await client.auto({
    ...,
-    skipChallengeVerification: true
+    skipChallengeVerification: true,
 });
 ```
@@ -185,14 +187,14 @@ For more fine-grained control you can interact with the ACME API using the metho
 ```js
 const account = await client.createAccount({
    termsOfServiceAgreed: true,
-    contact: ['mailto:test@example.com']
+    contact: ['mailto:test@example.com'],
 });
 const order = await client.createOrder({
    identifiers: [
        { type: 'dns', value: 'example.com' },
-        { type: 'dns', value: '*.example.com' }
+        { type: 'dns', value: '*.example.com' },
-    ]
+    ],
 });
 ```
@@ -207,7 +209,7 @@ const acme = require('acme-client');
 acme.axios.defaults.proxy = {
    host: '127.0.0.1',
-    port: 9000
+    port: 9000,
 };
 ```
--- a/packages/core/acme-client/docs/client.md
+++ b/packages/core/acme-client/docs/client.md
@@ -63,7 +63,7 @@ Create ACME client instance
 ```js
 const client = new acme.Client({
    directoryUrl: acme.directory.letsencrypt.staging,
-    accountKey: 'Private key goes here'
+    accountKey: 'Private key goes here',
 });
 ```
 **Example**  
@@ -75,7 +75,7 @@ const client = new acme.Client({
    accountUrl: 'Optional account URL goes here',
    backoffAttempts: 10,
    backoffMin: 5000,
-    backoffMax: 30000
+    backoffMax: 30000,
 });
 ```
 **Example**  
@@ -86,8 +86,8 @@ const client = new acme.Client({
    accountKey: 'Private key goes here',
    externalAccountBinding: {
        kid: 'YOUR-EAB-KID',
-        hmacKey: 'YOUR-EAB-HMAC-KEY'
+        hmacKey: 'YOUR-EAB-HMAC-KEY',
-    }
+    },
 });
 ```
 <a name="AcmeClient+getTermsOfServiceUrl"></a>
@@ -145,7 +145,7 @@ https://datatracker.ietf.org/doc/html/rfc8555#section-7.3
 Create a new account
 ```js
 const account = await client.createAccount({
-    termsOfServiceAgreed: true
+    termsOfServiceAgreed: true,
 });
 ```
 **Example**  
@@ -153,7 +153,7 @@ Create a new account with contact info
 ```js
 const account = await client.createAccount({
    termsOfServiceAgreed: true,
-    contact: ['mailto:test@example.com']
+    contact: ['mailto:test@example.com'],
 });
 ```
 <a name="AcmeClient+updateAccount"></a>
@@ -174,7 +174,7 @@ https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.2
 Update existing account
 ```js
 const account = await client.updateAccount({
-    contact: ['mailto:foo@example.com']
+    contact: ['mailto:foo@example.com'],
 });
 ```
 <a name="AcmeClient+updateAccountKey"></a>
@@ -218,8 +218,8 @@ Create a new order
 const order = await client.createOrder({
    identifiers: [
        { type: 'dns', value: 'example.com' },
-        { type: 'dns', value: 'test.example.com' }
+        { type: 'dns', value: 'test.example.com' },
-    ]
+    ],
 });
 ```
 <a name="AcmeClient+getOrder"></a>
@@ -452,7 +452,7 @@ Revoke certificate with reason
 ```js
 const certificate = { ... }; // Previously created certificate
 const result = await client.revokeCertificate(certificate, {
-    reason: 4
+    reason: 4,
 });
 ```
 <a name="AcmeClient+auto"></a>
@@ -479,7 +479,7 @@ Auto mode
 Order a certificate using auto mode
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });
 const certificate = await client.auto({
@@ -491,14 +491,14 @@ const certificate = await client.auto({
    },
    challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
        // Clean up challenge here
-    }
+    },
 });
 ```
 **Example**  
 Order a certificate using auto mode with preferred chain
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });
 const certificate = await client.auto({
@@ -507,7 +507,7 @@ const certificate = await client.auto({
    termsOfServiceAgreed: true,
    preferredChain: 'DST Root CA X3',
    challengeCreateFn: async () => {},
-    challengeRemoveFn: async () => {}
+    challengeRemoveFn: async () => {},
 });
 ```
 <a name="Client"></a>
--- a/packages/core/acme-client/docs/crypto.md
+++ b/packages/core/acme-client/docs/crypto.md
@@ -239,29 +239,30 @@ Create a Certificate Signing Request
 Create a Certificate Signing Request
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with both common and alternative names
 > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
    keySize: 4096,
    commonName: 'test.example.com',
-    altNames: ['foo.example.com', 'bar.example.com']
+    altNames: ['foo.example.com', 'bar.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with additional information
 ```js
 const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com',
+    altNames: ['test.example.com'],
    country: 'US',
    state: 'California',
    locality: 'Los Angeles',
    organization: 'The Company Inc.',
    organizationUnit: 'IT Department',
-    emailAddress: 'contact@example.com'
+    emailAddress: 'contact@example.com',
 });
 ```
 **Example**  
@@ -270,8 +271,9 @@ Certificate Signing Request with ECDSA private key
 const certificateKey = await acme.crypto.createPrivateEcdsaKey();
 const [, certificateRequest] = await acme.crypto.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 }, certificateKey);
 ```
 <a name="createAlpnCertificate"></a>
 ## createAlpnCertificate(authz, keyAuthorization, [keyPem]) ⇒ <code>Promise.&lt;Array.&lt;buffer&gt;&gt;</code>
@@ -298,6 +300,7 @@ Create a ALPN certificate with ECDSA private key
 ```js
 const alpnKey = await acme.crypto.createPrivateEcdsaKey();
 const [, alpnCertificate] = await acme.crypto.createAlpnCertificate(authz, keyAuthorization, alpnKey);
 ```
 <a name="isAlpnCertificateAuthorizationValid"></a>
 ## isAlpnCertificateAuthorizationValid(certPem, keyAuthorization) ⇒ <code>boolean</code>
--- a/packages/core/acme-client/docs/forge.md
+++ b/packages/core/acme-client/docs/forge.md
@@ -222,29 +222,30 @@ Create a Certificate Signing Request
 Create a Certificate Signing Request
 ```js
 const [certificateKey, certificateRequest] = await acme.forge.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with both common and alternative names
 > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 ```js
 const [certificateKey, certificateRequest] = await acme.forge.createCsr({
    keySize: 4096,
    commonName: 'test.example.com',
-    altNames: ['foo.example.com', 'bar.example.com']
+    altNames: ['foo.example.com', 'bar.example.com'],
 });
 ```
 **Example**  
 Certificate Signing Request with additional information
 ```js
 const [certificateKey, certificateRequest] = await acme.forge.createCsr({
-    commonName: 'test.example.com',
+    altNames: ['test.example.com'],
    country: 'US',
    state: 'California',
    locality: 'Los Angeles',
    organization: 'The Company Inc.',
    organizationUnit: 'IT Department',
-    emailAddress: 'contact@example.com'
+    emailAddress: 'contact@example.com',
 });
 ```
 **Example**  
@@ -253,5 +254,5 @@ Certificate Signing Request with predefined private key
 const certificateKey = await acme.forge.createPrivateKey();
 const [, certificateRequest] = await acme.forge.createCsr({
-    commonName: 'test.example.com'
+    altNames: ['test.example.com'],
 }, certificateKey);
--- a/packages/core/acme-client/examples/api.js
+++ b/packages/core/acme-client/examples/api.js
@@ -8,7 +8,6 @@ function log(m) {
    process.stdout.write(`${m}\n`);
 }
 /**
 * Function used to satisfy an ACME challenge
 *
@@ -25,7 +24,6 @@ async function challengeCreateFn(authz, challenge, keyAuthorization) {
    log(keyAuthorization);
 }
 /**
 * Function used to remove an ACME challenge response
 *
@@ -41,30 +39,29 @@ async function challengeRemoveFn(authz, challenge, keyAuthorization) {
    log(keyAuthorization);
 }
 /**
 * Main
 */
-module.exports = async function() {
+module.exports = async () => {
    /* Init client */
    const client = new acme.Client({
        directoryUrl: acme.directory.letsencrypt.staging,
-        accountKey: await acme.crypto.createPrivateKey()
+        accountKey: await acme.crypto.createPrivateKey(),
    });
    /* Register account */
    await client.createAccount({
        termsOfServiceAgreed: true,
-        contact: ['mailto:test@example.com']
+        contact: ['mailto:test@example.com'],
    });
    /* Place new order */
    const order = await client.createOrder({
        identifiers: [
            { type: 'dns', value: 'example.com' },
-            { type: 'dns', value: '*.example.com' }
+            { type: 'dns', value: '*.example.com' },
-        ]
+        ],
    });
    /**
@@ -138,8 +135,7 @@ module.exports = async function() {
    /* Finalize order */
    const [key, csr] = await acme.crypto.createCsr({
-        commonName: '*.example.com',
+        altNames: ['example.com', '*.example.com'],
        altNames: ['example.com']
    });
    const finalized = await client.finalizeOrder(order, csr);
--- a/packages/core/acme-client/examples/auto.js
+++ b/packages/core/acme-client/examples/auto.js
@@ -9,7 +9,6 @@ function log(m) {
    process.stdout.write(`${m}\n`);
 }
 /**
 * Function used to satisfy an ACME challenge
 *
@@ -47,7 +46,6 @@ async function challengeCreateFn(authz, challenge, keyAuthorization) {
    }
 }
 /**
 * Function used to remove an ACME challenge response
 *
@@ -80,25 +78,24 @@ async function challengeRemoveFn(authz, challenge, keyAuthorization) {
        /* Replace this */
        log(`Would remove TXT record "${dnsRecord}" with value "${recordValue}"`);
-        // await dnsProvider.removeRecord(dnsRecord, 'TXT');
+        // await dnsProvider.removeRecord(dnsRecord, 'TXT', recordValue);
    }
 }
 /**
 * Main
 */
-module.exports = async function() {
+module.exports = async () => {
    /* Init client */
    const client = new acme.Client({
        directoryUrl: acme.directory.letsencrypt.staging,
-        accountKey: await acme.crypto.createPrivateKey()
+        accountKey: await acme.crypto.createPrivateKey(),
    });
    /* Create CSR */
    const [key, csr] = await acme.crypto.createCsr({
-        commonName: 'example.com'
+        altNames: ['example.com'],
    });
    /* Certificate */
@@ -107,7 +104,7 @@ module.exports = async function() {
        email: 'test@example.com',
        termsOfServiceAgreed: true,
        challengeCreateFn,
-        challengeRemoveFn
+        challengeRemoveFn,
    });
    /* Done */
--- a/packages/core/acme-client/examples/dns-01/dns-01.js
+++ b/packages/core/acme-client/examples/dns-01/dns-01.js
@@ -19,7 +19,6 @@ function log(m) {
    process.stdout.write(`${(new Date()).toISOString()} ${m}\n`);
 }
 /**
 * Main
 */
@@ -33,18 +32,16 @@ function log(m) {
        log('Initializing ACME client');
        const client = new acme.Client({
            directoryUrl: acme.directory.letsencrypt.staging,
-            accountKey: await acme.crypto.createPrivateKey()
+            accountKey: await acme.crypto.createPrivateKey(),
        });
        /**
         * Order wildcard certificate
         */
        log(`Creating CSR for ${WILDCARD_DOMAIN}`);
        const [key, csr] = await acme.crypto.createCsr({
-            commonName: WILDCARD_DOMAIN,
+            altNames: [WILDCARD_DOMAIN, `*.${WILDCARD_DOMAIN}`],
            altNames: [`*.${WILDCARD_DOMAIN}`]
        });
        log(`Ordering certificate for ${WILDCARD_DOMAIN}`);
@@ -60,12 +57,11 @@ function log(m) {
            challengeRemoveFn: (authz, challenge, keyAuthorization) => {
                /* TODO: Implement this */
                log(`[TODO] Remove TXT record key=_acme-challenge.${authz.identifier.value} value=${keyAuthorization}`);
-            }
+            },
        });
        log(`Certificate for ${WILDCARD_DOMAIN} created successfully`);
        /**
         * HTTPS server
         */
@@ -78,7 +74,7 @@ function log(m) {
        const httpsServer = https.createServer({
            key,
-            cert
+            cert,
        }, requestListener);
        httpsServer.listen(HTTPS_SERVER_PORT, () => {
--- a/packages/core/acme-client/examples/http-01/http-01.js
+++ b/packages/core/acme-client/examples/http-01/http-01.js
@@ -23,7 +23,6 @@ function log(m) {
    process.stdout.write(`${(new Date()).toISOString()} ${m}\n`);
 }
 /**
 * On-demand certificate generation using http-01
 */
@@ -52,7 +51,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
    /* Create CSR */
    log(`Creating CSR for ${servername}`);
    const [key, csr] = await acme.crypto.createCsr({
-        commonName: servername
+        altNames: [servername],
    });
    /* Order certificate */
@@ -67,7 +66,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
        },
        challengeRemoveFn: (authz, challenge) => {
            delete challengeResponses[challenge.token];
-        }
+        },
    });
    /* Done, store certificate */
@@ -77,7 +76,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
    return certificateStore[servername];
 }
 /**
 * Main
 */
@@ -91,10 +89,9 @@ async function getCertOnDemand(client, servername, attempt = 0) {
        log('Initializing ACME client');
        const client = new acme.Client({
            directoryUrl: acme.directory.letsencrypt.staging,
-            accountKey: await acme.crypto.createPrivateKey()
+            accountKey: await acme.crypto.createPrivateKey(),
        });
        /**
         * HTTP server
         */
@@ -129,7 +126,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
            log(`HTTP server listening on port ${HTTP_SERVER_PORT}`);
        });
        /**
         * HTTPS server
         */
@@ -158,7 +154,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
                    log(`[ERROR] ${e.message}`);
                    cb(e.message);
                }
-            }
+            },
        }, requestListener);
        httpsServer.listen(HTTPS_SERVER_PORT, () => {
--- a/packages/core/acme-client/examples/tls-alpn-01/tls-alpn-01.js
+++ b/packages/core/acme-client/examples/tls-alpn-01/tls-alpn-01.js
@@ -22,7 +22,6 @@ function log(m) {
    process.stdout.write(`${(new Date()).toISOString()} ${m}\n`);
 }
 /**
 * On-demand certificate generation using tls-alpn-01
 */
@@ -51,7 +50,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
    /* Create CSR */
    log(`Creating CSR for ${servername}`);
    const [key, csr] = await acme.crypto.createCsr({
-        commonName: servername
+        altNames: [servername],
    });
    /* Order certificate */
@@ -66,7 +65,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
        },
        challengeRemoveFn: (authz) => {
            delete alpnResponses[authz.identifier.value];
-        }
+        },
    });
    /* Done, store certificate */
@@ -76,7 +75,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
    return certificateStore[servername];
 }
 /**
 * Main
 */
@@ -90,10 +88,9 @@ async function getCertOnDemand(client, servername, attempt = 0) {
        log('Initializing ACME client');
        const client = new acme.Client({
            directoryUrl: acme.directory.letsencrypt.staging,
-            accountKey: await acme.crypto.createPrivateKey()
+            accountKey: await acme.crypto.createPrivateKey(),
        });
        /**
         * ALPN responder
         */
@@ -118,14 +115,14 @@ async function getCertOnDemand(client, servername, attempt = 0) {
                    log(`Found ALPN certificate for ${servername}, serving secure context`);
                    cb(null, tls.createSecureContext({
                        key: alpnResponses[servername][0],
-                        cert: alpnResponses[servername][1]
+                        cert: alpnResponses[servername][1],
                    }));
                }
                catch (e) {
                    log(`[ERROR] ${e.message}`);
                    cb(e.message);
                }
-            }
+            },
        });
        /* Terminate once TLS handshake has been established */
@@ -137,7 +134,6 @@ async function getCertOnDemand(client, servername, attempt = 0) {
            log(`ALPN responder listening on port ${ALPN_RESPONDER_PORT}`);
        });
        /**
         * HTTPS server
         */
@@ -166,7 +162,7 @@ async function getCertOnDemand(client, servername, attempt = 0) {
                    log(`[ERROR] ${e.message}`);
                    cb(e.message);
                }
-            }
+            },
        }, requestListener);
        httpsServer.listen(HTTPS_SERVER_PORT, () => {
--- a/packages/core/acme-client/package.json
+++ b/packages/core/acme-client/package.json
@@ -2,7 +2,7 @@
    "name": "acme-client",
    "description": "Simple and unopinionated ACME client",
    "author": "nmorsman",
-    "version": "5.3.0",
+    "version": "5.4.0",
    "main": "src/index.js",
    "types": "types/index.d.ts",
    "license": "MIT",
@@ -15,23 +15,23 @@
        "types"
    ],
    "dependencies": {
-        "@peculiar/x509": "^1.9.7",
+        "@peculiar/x509": "^1.11.0",
        "asn1js": "^3.0.5",
-        "axios": "^1.6.5",
+        "axios": "^1.7.2",
-        "debug": "^4.1.1",
+        "debug": "^4.3.5",
        "node-forge": "^1.3.1"
    },
    "devDependencies": {
-        "@types/node": "^20.11.5",
+        "@types/node": "^20.14.10",
        "chai": "^4.4.1",
-        "chai-as-promised": "^7.1.1",
+        "chai-as-promised": "^7.1.2",
-        "eslint": "^8.56.0",
+        "eslint": "^8.57.0",
        "eslint-config-airbnb-base": "^15.0.0",
        "eslint-plugin-import": "^2.29.1",
-        "jsdoc-to-markdown": "^8.0.0",
+        "jsdoc-to-markdown": "^8.0.1",
-        "mocha": "^10.2.0",
+        "mocha": "^10.6.0",
-        "nock": "^13.5.0",
+        "nock": "^13.5.4",
-        "tsd": "^0.30.4"
+        "tsd": "^0.31.1"
    },
    "scripts": {
        "build-docs": "jsdoc2md src/client.js > docs/client.md && jsdoc2md src/crypto/index.js > docs/crypto.md && jsdoc2md src/crypto/forge.js > docs/forge.md",
--- a/packages/core/acme-client/src/api.js
+++ b/packages/core/acme-client/src/api.js
@@ -4,7 +4,6 @@
 const util = require('./util');
 /**
 * AcmeApi
 *
@@ -18,7 +17,6 @@ class AcmeApi {
        this.accountUrl = accountUrl;
    }
    /**
     * Get account URL
     *
@@ -34,7 +32,6 @@ class AcmeApi {
        return this.accountUrl;
    }
    /**
     * ACME API request
     *
@@ -59,7 +56,6 @@ class AcmeApi {
        return resp;
    }
    /**
     * ACME API request by resource name helper
     *
@@ -78,7 +74,6 @@ class AcmeApi {
        return this.apiRequest(resourceUrl, payload, validStatusCodes, { includeJwsKid, includeExternalAccountBinding });
    }
    /**
     * Get Terms of Service URL if available
     *
@@ -91,7 +86,6 @@ class AcmeApi {
        return this.http.getMetaField('termsOfService');
    }
    /**
     * Create new account
     *
@@ -104,7 +98,7 @@ class AcmeApi {
    async createAccount(data) {
        const resp = await this.apiResourceRequest('newAccount', data, [200, 201], {
            includeJwsKid: false,
-            includeExternalAccountBinding: (data.onlyReturnExisting !== true)
+            includeExternalAccountBinding: (data.onlyReturnExisting !== true),
        });
        /* Set account URL */
@@ -115,7 +109,6 @@ class AcmeApi {
        return resp;
    }
    /**
     * Update account
     *
@@ -129,7 +122,6 @@ class AcmeApi {
        return this.apiRequest(this.getAccountUrl(), data, [200, 202]);
    }
    /**
     * Update account key
     *
@@ -143,7 +135,6 @@ class AcmeApi {
        return this.apiResourceRequest('keyChange', data, [200]);
    }
    /**
     * Create new order
     *
@@ -157,7 +148,6 @@ class AcmeApi {
        return this.apiResourceRequest('newOrder', data, [201]);
    }
    /**
     * Get order
     *
@@ -171,7 +161,6 @@ class AcmeApi {
        return this.apiRequest(url, null, [200]);
    }
    /**
     * Finalize order
     *
@@ -186,7 +175,6 @@ class AcmeApi {
        return this.apiRequest(url, data, [200]);
    }
    /**
     * Get identifier authorization
     *
@@ -200,7 +188,6 @@ class AcmeApi {
        return this.apiRequest(url, null, [200]);
    }
    /**
     * Update identifier authorization
     *
@@ -215,7 +202,6 @@ class AcmeApi {
        return this.apiRequest(url, data, [200]);
    }
    /**
     * Complete challenge
     *
@@ -230,7 +216,6 @@ class AcmeApi {
        return this.apiRequest(url, data, [200]);
    }
    /**
     * Revoke certificate
     *
@@ -245,6 +230,5 @@ class AcmeApi {
    }
 }
 /* Export API */
 module.exports = AcmeApi;
--- a/packages/core/acme-client/src/auto.js
+++ b/packages/core/acme-client/src/auto.js
@@ -13,10 +13,9 @@ const defaultOpts = {
    skipChallengeVerification: false,
    challengePriority: ['http-01', 'dns-01'],
    challengeCreateFn: async () => { throw new Error('Missing challengeCreateFn()'); },
-    challengeRemoveFn: async () => { throw new Error('Missing challengeRemoveFn()'); }
+    challengeRemoveFn: async () => { throw new Error('Missing challengeRemoveFn()'); },
 };
 /**
 * ACME client auto mode
 *
@@ -25,8 +24,8 @@ const defaultOpts = {
 * @returns {Promise<buffer>} Certificate
 */
-module.exports = async function(client, userOpts) {
+module.exports = async (client, userOpts) => {
-    const opts = Object.assign({}, defaultOpts, userOpts);
+    const opts = { ...defaultOpts, ...userOpts };
    const accountPayload = { termsOfServiceAgreed: opts.termsOfServiceAgreed };
    if (!Buffer.isBuffer(opts.csr)) {
@@ -37,7 +36,6 @@ module.exports = async function(client, userOpts) {
        accountPayload.contact = [`mailto:${opts.email}`];
    }
    /**
     * Register account
     */
@@ -53,19 +51,16 @@ module.exports = async function(client, userOpts) {
        await client.createAccount(accountPayload);
    }
    /**
     * Parse domains from CSR
     */
    log('[auto] Parsing domains from Certificate Signing Request');
-    const csrDomains = readCsrDomains(opts.csr);
+    const { commonName, altNames } = readCsrDomains(opts.csr);
-    const domains = [csrDomains.commonName].concat(csrDomains.altNames);
+    const uniqueDomains = Array.from(new Set([commonName].concat(altNames).filter((d) => d)));
    const uniqueDomains = Array.from(new Set(domains));
    log(`[auto] Resolved ${uniqueDomains.length} unique domains from parsing the Certificate Signing Request`);
    /**
     * Place order
     */
@@ -77,7 +72,6 @@ module.exports = async function(client, userOpts) {
    log(`[auto] Placed certificate order successfully, received ${authorizations.length} identity authorizations`);
    /**
     * Resolve and satisfy challenges
     */
@@ -165,7 +159,6 @@ module.exports = async function(client, userOpts) {
        }
    });
    /**
     * Wait for all challenge promises to settle
     */
@@ -179,7 +172,6 @@ module.exports = async function(client, userOpts) {
        throw e;
    }
    /**
     * Finalize order and download certificate
     */
--- a/packages/core/acme-client/src/axios.js
+++ b/packages/core/acme-client/src/axios.js
@@ -3,11 +3,14 @@
 */
 const axios = require('axios');
 const { parseRetryAfterHeader } = require('./util');
 const { log } = require('./logger');
 const pkg = require('./../package.json');
 const { AxiosError } = axios;
 /**
- * Instance
+ * Defaults
 */
 const instance = axios.create();
@@ -19,9 +22,11 @@ instance.defaults.headers.common['User-Agent'] = `node-${pkg.name}/${pkg.version
 instance.defaults.acmeSettings = {
    httpChallengePort: 80,
    httpsChallengePort: 443,
-    tlsAlpnChallengePort: 443
+    tlsAlpnChallengePort: 443,
 };
    retryMaxAttempts: 5,
    retryDefaultDelay: 5,
 };
 /**
 * Explicitly set Node as default HTTP adapter
@@ -32,6 +37,84 @@ instance.defaults.acmeSettings = {
 instance.defaults.adapter = 'http';
 /**
 * Retry requests on server errors or when rate limited
 *
 * https://datatracker.ietf.org/doc/html/rfc8555#section-6.6
 */
 function isRetryableError(error) {
    return (error.code !== 'ECONNABORTED')
        && (error.code !== 'ERR_NOCK_NO_MATCH')
        && (!error.response
            || (error.response.status === 429)
            || ((error.response.status >= 500) && (error.response.status <= 599)));
 }
 /* https://github.com/axios/axios/blob/main/lib/core/settle.js */
 function validateStatus(response) {
    const validator = response.config.retryValidateStatus;
    if (!response.status || !validator || validator(response.status)) {
        return response;
    }
    throw new AxiosError(
        `Request failed with status code ${response.status}`,
        (Math.floor(response.status / 100) === 4) ? AxiosError.ERR_BAD_REQUEST : AxiosError.ERR_BAD_RESPONSE,
        response.config,
        response.request,
        response,
    );
 }
 /* Pass all responses through the error interceptor */
 instance.interceptors.request.use((config) => {
    if (!('retryValidateStatus' in config)) {
        config.retryValidateStatus = config.validateStatus;
    }
    config.validateStatus = () => false;
    return config;
 });
 /* Handle request retries if applicable */
 instance.interceptors.response.use(null, async (error) => {
    const { config, response } = error;
    if (!config) {
        return Promise.reject(error);
    }
    /* Pick up errors we want to retry */
    if (isRetryableError(error)) {
        const { retryMaxAttempts, retryDefaultDelay } = instance.defaults.acmeSettings;
        config.retryAttempt = ('retryAttempt' in config) ? (config.retryAttempt + 1) : 1;
        if (config.retryAttempt <= retryMaxAttempts) {
            const code = response ? `HTTP ${response.status}` : error.code;
            log(`Caught ${code}, retry attempt ${config.retryAttempt}/${retryMaxAttempts} to URL ${config.url}`);
            /* Attempt to parse Retry-After header, fallback to default delay */
            let retryAfter = response ? parseRetryAfterHeader(response.headers['retry-after']) : 0;
            if (retryAfter > 0) {
                log(`Found retry-after response header with value: ${response.headers['retry-after']}, waiting ${retryAfter} seconds`);
            }
            else {
                retryAfter = (retryDefaultDelay * config.retryAttempt);
                log(`Unable to locate or parse retry-after response header, waiting ${retryAfter} seconds`);
            }
            /* Wait and retry the request */
            await new Promise((resolve) => { setTimeout(resolve, (retryAfter * 1000)); });
            return instance(config);
        }
    }
    /* Validate and return response */
    return validateStatus(response);
 });
 /**
 * Export instance
--- a/packages/core/acme-client/src/client.js
+++ b/packages/core/acme-client/src/client.js
@@ -13,7 +13,6 @@ const verify = require('./verify');
 const util = require('./util');
 const auto = require('./auto');
 /**
 * ACME states
 *
@@ -24,7 +23,6 @@ const validStates = ['ready', 'valid'];
 const pendingStates = ['pending', 'processing'];
 const invalidStates = ['invalid'];
 /**
 * Default options
 *
@@ -38,10 +36,9 @@ const defaultOpts = {
    externalAccountBinding: {},
    backoffAttempts: 10,
    backoffMin: 5000,
-    backoffMax: 30000
+    backoffMax: 30000,
 };
 /**
 * AcmeClient
 *
@@ -61,7 +58,7 @@ const defaultOpts = {
 * ```js
 * const client = new acme.Client({
 *     directoryUrl: acme.directory.letsencrypt.staging,
- *     accountKey: 'Private key goes here'
+ *     accountKey: 'Private key goes here',
 * });
 * ```
 *
@@ -73,7 +70,7 @@ const defaultOpts = {
 *     accountUrl: 'Optional account URL goes here',
 *     backoffAttempts: 10,
 *     backoffMin: 5000,
- *     backoffMax: 30000
+ *     backoffMax: 30000,
 * });
 * ```
 *
@@ -84,8 +81,8 @@ const defaultOpts = {
 *     accountKey: 'Private key goes here',
 *     externalAccountBinding: {
 *         kid: 'YOUR-EAB-KID',
- *         hmacKey: 'YOUR-EAB-HMAC-KEY'
+ *         hmacKey: 'YOUR-EAB-HMAC-KEY',
- *     }
+ *     },
 * });
 * ```
 */
@@ -96,19 +93,17 @@ class AcmeClient {
            opts.accountKey = Buffer.from(opts.accountKey);
        }
-        this.opts = Object.assign({}, defaultOpts, opts);
+        this.opts = { ...defaultOpts, ...opts };
        this.backoffOpts = {
            attempts: this.opts.backoffAttempts,
            min: this.opts.backoffMin,
-            max: this.opts.backoffMax
+            max: this.opts.backoffMax,
        };
        this.http = new HttpClient(this.opts.directoryUrl, this.opts.accountKey, this.opts.externalAccountBinding);
        this.api = new AcmeApi(this.http, this.opts.accountUrl);
    }
    /**
     * Get Terms of Service URL if available
     *
@@ -128,7 +123,6 @@ class AcmeClient {
        return this.api.getTermsOfServiceUrl();
    }
    /**
     * Get current account URL
     *
@@ -150,7 +144,6 @@ class AcmeClient {
        return this.api.getAccountUrl();
    }
    /**
     * Create a new account
     *
@@ -162,7 +155,7 @@ class AcmeClient {
     * @example Create a new account
     * ```js
     * const account = await client.createAccount({
-     *     termsOfServiceAgreed: true
+     *     termsOfServiceAgreed: true,
     * });
     * ```
     *
@@ -170,7 +163,7 @@ class AcmeClient {
     * ```js
     * const account = await client.createAccount({
     *     termsOfServiceAgreed: true,
-     *     contact: ['mailto:test@example.com']
+     *     contact: ['mailto:test@example.com'],
     * });
     * ```
     */
@@ -196,7 +189,6 @@ class AcmeClient {
        }
    }
    /**
     * Update existing account
     *
@@ -208,7 +200,7 @@ class AcmeClient {
     * @example Update existing account
     * ```js
     * const account = await client.updateAccount({
-     *     contact: ['mailto:foo@example.com']
+     *     contact: ['mailto:foo@example.com'],
     * });
     * ```
     */
@@ -236,7 +228,6 @@ class AcmeClient {
        return resp.data;
    }
    /**
     * Update account private key
     *
@@ -261,7 +252,7 @@ class AcmeClient {
        const accountUrl = this.api.getAccountUrl();
        /* Create new HTTP and API clients using new key */
-        const newHttpClient = new HttpClient(this.opts.directoryUrl, newAccountKey);
+        const newHttpClient = new HttpClient(this.opts.directoryUrl, newAccountKey, this.opts.externalAccountBinding);
        const newApiClient = new AcmeApi(newHttpClient, accountUrl);
        /* Get old JWK */
@@ -282,7 +273,6 @@ class AcmeClient {
        return resp.data;
    }
    /**
     * Create a new order
     *
@@ -296,8 +286,8 @@ class AcmeClient {
     * const order = await client.createOrder({
     *     identifiers: [
     *         { type: 'dns', value: 'example.com' },
-     *         { type: 'dns', value: 'test.example.com' }
+     *         { type: 'dns', value: 'test.example.com' },
-     *     ]
+     *     ],
     * });
     * ```
     */
@@ -314,7 +304,6 @@ class AcmeClient {
        return resp.data;
    }
    /**
     * Refresh order object from CA
     *
@@ -376,7 +365,6 @@ class AcmeClient {
        return resp.data;
    }
    /**
     * Get identifier authorizations from order
     *
@@ -406,7 +394,6 @@ class AcmeClient {
        }));
    }
    /**
     * Deactivate identifier authorization
     *
@@ -427,10 +414,7 @@ class AcmeClient {
            throw new Error('Unable to deactivate identifier authorization, URL not found');
        }
-        const data = {
+        const data = { status: 'deactivated' };
            status: 'deactivated'
        };
        const resp = await this.api.updateAuthorization(authz.url, data);
        /* Add URL to response */
@@ -438,7 +422,6 @@ class AcmeClient {
        return resp.data;
    }
    /**
     * Get key authorization for ACME challenge
     *
@@ -480,7 +463,6 @@ class AcmeClient {
        throw new Error(`Unable to produce key authorization, unknown challenge type: ${challenge.type}`);
    }
    /**
     * Verify that ACME challenge is satisfied
     *
@@ -515,7 +497,6 @@ class AcmeClient {
        return util.retry(verifyFn, this.backoffOpts);
    }
    /**
     * Notify CA that challenge has been completed
     *
@@ -536,7 +517,6 @@ class AcmeClient {
        return resp.data;
    }
    /**
     * Wait for ACME provider to verify status on a order, authorization or challenge
     *
@@ -593,7 +573,6 @@ class AcmeClient {
        return util.retry(verifyFn, this.backoffOpts);
    }
    /**
     * Get certificate from ACME order
     *
@@ -640,7 +619,6 @@ class AcmeClient {
        return resp.data;
    }
    /**
     * Revoke certificate
     *
@@ -660,7 +638,7 @@ class AcmeClient {
     * ```js
     * const certificate = { ... }; // Previously created certificate
     * const result = await client.revokeCertificate(certificate, {
-     *     reason: 4
+     *     reason: 4,
     * });
     * ```
     */
@@ -671,7 +649,6 @@ class AcmeClient {
        return resp.data;
    }
    /**
     * Auto mode
     *
@@ -689,7 +666,7 @@ class AcmeClient {
     * @example Order a certificate using auto mode
     * ```js
     * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-     *     commonName: 'test.example.com'
+     *     altNames: ['test.example.com'],
     * });
     *
     * const certificate = await client.auto({
@@ -701,14 +678,14 @@ class AcmeClient {
     *     },
     *     challengeRemoveFn: async (authz, challenge, keyAuthorization) => {
     *         // Clean up challenge here
-     *     }
+     *     },
     * });
     * ```
     *
     * @example Order a certificate using auto mode with preferred chain
     * ```js
     * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
-     *     commonName: 'test.example.com'
+     *     altNames: ['test.example.com'],
     * });
     *
     * const certificate = await client.auto({
@@ -717,7 +694,7 @@ class AcmeClient {
     *     termsOfServiceAgreed: true,
     *     preferredChain: 'DST Root CA X3',
     *     challengeCreateFn: async () => {},
-     *     challengeRemoveFn: async () => {}
+     *     challengeRemoveFn: async () => {},
     * });
     * ```
     */
@@ -727,6 +704,5 @@ class AcmeClient {
    }
 }
 /* Export client */
 module.exports = AcmeClient;
--- a/packages/core/acme-client/src/crypto/forge.js
+++ b/packages/core/acme-client/src/crypto/forge.js
@@ -13,7 +13,6 @@ const forge = require('node-forge');
 const generateKeyPair = promisify(forge.pki.rsa.generateKeyPair);
 /**
 * Attempt to parse forge object from PEM encoded string
 *
@@ -54,7 +53,6 @@ function forgeObjectFromPem(input) {
    return result;
 }
 /**
 * Parse domain names from a certificate or CSR
 *
@@ -93,11 +91,10 @@ function parseDomains(obj) {
    return {
        commonName,
-        altNames
+        altNames,
    };
 }
 /**
 * Generate a private RSA key
 *
@@ -123,7 +120,6 @@ async function createPrivateKey(size = 2048) {
 exports.createPrivateKey = createPrivateKey;
 /**
 * Create public key from a private RSA key
 *
@@ -136,14 +132,13 @@ exports.createPrivateKey = createPrivateKey;
 * ```
 */
-exports.createPublicKey = async function(key) {
+exports.createPublicKey = async (key) => {
    const privateKey = forge.pki.privateKeyFromPem(key);
    const publicKey = forge.pki.rsa.setPublicKey(privateKey.n, privateKey.e);
    const pemKey = forge.pki.publicKeyToPem(publicKey);
    return Buffer.from(pemKey);
 };
 /**
 * Parse body of PEM encoded object from buffer or string
 * If multiple objects are chained, the first body will be returned
@@ -157,7 +152,6 @@ exports.getPemBody = (str) => {
    return forge.util.encode64(msg.body);
 };
 /**
 * Split chain of PEM encoded objects from buffer or string into array
 *
@@ -167,7 +161,6 @@ exports.getPemBody = (str) => {
 exports.splitPemChain = (str) => forge.pem.decode(str).map(forge.pem.encode);
 /**
 * Get modulus
 *
@@ -182,7 +175,7 @@ exports.splitPemChain = (str) => forge.pem.decode(str).map(forge.pem.encode);
 * ```
 */
-exports.getModulus = async function(input) {
+exports.getModulus = async (input) => {
    if (!Buffer.isBuffer(input)) {
        input = Buffer.from(input);
    }
@@ -191,7 +184,6 @@ exports.getModulus = async function(input) {
    return Buffer.from(forge.util.hexToBytes(obj.n.toString(16)), 'binary');
 };
 /**
 * Get public exponent
 *
@@ -206,7 +198,7 @@ exports.getModulus = async function(input) {
 * ```
 */
-exports.getPublicExponent = async function(input) {
+exports.getPublicExponent = async (input) => {
    if (!Buffer.isBuffer(input)) {
        input = Buffer.from(input);
    }
@@ -215,7 +207,6 @@ exports.getPublicExponent = async function(input) {
    return Buffer.from(forge.util.hexToBytes(obj.e.toString(16)), 'binary');
 };
 /**
 * Read domains from a Certificate Signing Request
 *
@@ -231,7 +222,7 @@ exports.getPublicExponent = async function(input) {
 * ```
 */
-exports.readCsrDomains = async function(csr) {
+exports.readCsrDomains = async (csr) => {
    if (!Buffer.isBuffer(csr)) {
        csr = Buffer.from(csr);
    }
@@ -240,7 +231,6 @@ exports.readCsrDomains = async function(csr) {
    return parseDomains(obj);
 };
 /**
 * Read information from a certificate
 *
@@ -260,7 +250,7 @@ exports.readCsrDomains = async function(csr) {
 * ```
 */
-exports.readCertificateInfo = async function(cert) {
+exports.readCertificateInfo = async (cert) => {
    if (!Buffer.isBuffer(cert)) {
        cert = Buffer.from(cert);
    }
@@ -270,15 +260,14 @@ exports.readCertificateInfo = async function(cert) {
    return {
        issuer: {
-            commonName: issuerCn ? issuerCn.value : null
+            commonName: issuerCn ? issuerCn.value : null,
        },
        domains: parseDomains(obj),
        notAfter: obj.validity.notAfter,
-        notBefore: obj.validity.notBefore
+        notBefore: obj.validity.notBefore,
    };
 };
 /**
 * Determine ASN.1 type for CSR subject short name
 * Note: https://datatracker.ietf.org/doc/html/rfc5280
@@ -299,7 +288,6 @@ function getCsrValueTagClass(shortName) {
    }
 }
 /**
 * Create array of short names and values for Certificate Signing Request subjects
 *
@@ -319,7 +307,6 @@ function createCsrSubject(subjectObj) {
    }, []);
 }
 /**
 * Create array of alt names for Certificate Signing Requests
 * Note: https://github.com/digitalbazaar/forge/blob/dfdde475677a8a25c851e33e8f81dca60d90cfb9/lib/x509.js#L1444-L1454
@@ -336,7 +323,6 @@ function formatCsrAltNames(altNames) {
    });
 }
 /**
 * Create a Certificate Signing Request
 *
@@ -356,29 +342,30 @@ function formatCsrAltNames(altNames) {
 * @example Create a Certificate Signing Request
 * ```js
 * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
 * });
 * ```
 *
 * @example Certificate Signing Request with both common and alternative names
 * > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 * ```js
 * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
 *     keySize: 4096,
 *     commonName: 'test.example.com',
- *     altNames: ['foo.example.com', 'bar.example.com']
+ *     altNames: ['foo.example.com', 'bar.example.com'],
 * });
 * ```
 *
 * @example Certificate Signing Request with additional information
 * ```js
 * const [certificateKey, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com',
+ *     altNames: ['test.example.com'],
 *     country: 'US',
 *     state: 'California',
 *     locality: 'Los Angeles',
 *     organization: 'The Company Inc.',
 *     organizationUnit: 'IT Department',
- *     emailAddress: 'contact@example.com'
+ *     emailAddress: 'contact@example.com',
 * });
 * ```
 *
@@ -387,11 +374,11 @@ function formatCsrAltNames(altNames) {
 * const certificateKey = await acme.forge.createPrivateKey();
 *
 * const [, certificateRequest] = await acme.forge.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
 * }, certificateKey);
 */
-exports.createCsr = async function(data, key = null) {
+exports.createCsr = async (data, key = null) => {
    if (!key) {
        key = await createPrivateKey(data.keySize);
    }
@@ -423,7 +410,7 @@ exports.createCsr = async function(data, key = null) {
        L: data.locality,
        O: data.organization,
        OU: data.organizationUnit,
-        E: data.emailAddress
+        E: data.emailAddress,
    });
    csr.setSubject(subject);
@@ -434,8 +421,8 @@ exports.createCsr = async function(data, key = null) {
            name: 'extensionRequest',
            extensions: [{
                name: 'subjectAltName',
-                altNames: formatCsrAltNames(data.altNames)
+                altNames: formatCsrAltNames(data.altNames),
-            }]
+            }],
        }]);
    }
--- a/packages/core/acme-client/src/crypto/index.js
+++ b/packages/core/acme-client/src/crypto/index.js
@@ -22,7 +22,6 @@ const subjectAltNameOID = '2.5.29.17';
 /* id-pe-acmeIdentifier - https://datatracker.ietf.org/doc/html/rfc8737#section-6.1 */
 const alpnAcmeIdentifierOID = '1.3.6.1.5.5.7.1.31';
 /**
 * Determine key type and info by attempting to derive public key
 *
@@ -35,7 +34,7 @@ function getKeyInfo(keyPem) {
    const result = {
        isRSA: false,
        isECDSA: false,
-        publicKey: crypto.createPublicKey(keyPem)
+        publicKey: crypto.createPublicKey(keyPem),
    };
    if (result.publicKey.asymmetricKeyType === 'rsa') {
@@ -51,7 +50,6 @@ function getKeyInfo(keyPem) {
    return result;
 }
 /**
 * Generate a private RSA key
 *
@@ -74,8 +72,8 @@ async function createPrivateRsaKey(modulusLength = 2048) {
        modulusLength,
        privateKeyEncoding: {
            type: 'pkcs8',
-            format: 'pem'
+            format: 'pem',
-        }
+        },
    });
    return Buffer.from(pair.privateKey);
@@ -83,7 +81,6 @@ async function createPrivateRsaKey(modulusLength = 2048) {
 exports.createPrivateRsaKey = createPrivateRsaKey;
 /**
 * Alias of `createPrivateRsaKey()`
 *
@@ -92,7 +89,6 @@ exports.createPrivateRsaKey = createPrivateRsaKey;
 exports.createPrivateKey = createPrivateRsaKey;
 /**
 * Generate a private ECDSA key
 *
@@ -115,14 +111,13 @@ exports.createPrivateEcdsaKey = async (namedCurve = 'P-256') => {
        namedCurve,
        privateKeyEncoding: {
            type: 'pkcs8',
-            format: 'pem'
+            format: 'pem',
-        }
+        },
    });
    return Buffer.from(pair.privateKey);
 };
 /**
 * Get a public key derived from a RSA or ECDSA key
 *
@@ -140,13 +135,12 @@ exports.getPublicKey = (keyPem) => {
    const publicKey = info.publicKey.export({
        type: info.isECDSA ? 'spki' : 'pkcs1',
-        format: 'pem'
+        format: 'pem',
    });
    return Buffer.from(publicKey);
 };
 /**
 * Get a JSON Web Key derived from a RSA or ECDSA key
 *
@@ -163,7 +157,7 @@ exports.getPublicKey = (keyPem) => {
 function getJwk(keyPem) {
    const jwk = crypto.createPublicKey(keyPem).export({
-        format: 'jwk'
+        format: 'jwk',
    });
    /* Sort keys */
@@ -175,7 +169,6 @@ function getJwk(keyPem) {
 exports.getJwk = getJwk;
 /**
 * Produce CryptoKeyPair and signing algorithm from a PEM encoded private key
 *
@@ -191,7 +184,7 @@ async function getWebCryptoKeyPair(keyPem) {
    /* Signing algorithm */
    const sigalg = {
        name: 'RSASSA-PKCS1-v1_5',
-        hash: { name: 'SHA-256' }
+        hash: { name: 'SHA-256' },
    };
    if (info.isECDSA) {
@@ -215,7 +208,6 @@ async function getWebCryptoKeyPair(keyPem) {
    return [{ privateKey, publicKey }, sigalg];
 }
 /**
 * Split chain of PEM encoded objects from string into array
 *
@@ -235,7 +227,6 @@ function splitPemChain(chainPem) {
 exports.splitPemChain = splitPemChain;
 /**
 * Parse body of PEM encoded object and return a Base64URL string
 * If multiple objects are chained, the first body will be returned
@@ -256,7 +247,6 @@ exports.getPemBodyAsB64u = (pem) => {
    return Buffer.from(dec).toString('base64url');
 };
 /**
 * Parse domains from a certificate or CSR
 *
@@ -277,11 +267,10 @@ function parseDomains(input) {
    return {
        commonName,
-        altNames
+        altNames,
    };
 }
 /**
 * Read domains from a Certificate Signing Request
 *
@@ -307,7 +296,6 @@ exports.readCsrDomains = (csrPem) => {
    return parseDomains(csr);
 };
 /**
 * Read information from a certificate
 * If multiple certificates are chained, the first will be read
@@ -338,15 +326,14 @@ exports.readCertificateInfo = (certPem) => {
    return {
        issuer: {
-            commonName: cert.issuerName.getField('CN').pop() || null
+            commonName: cert.issuerName.getField('CN').pop() || null,
        },
        domains: parseDomains(cert),
        notBefore: cert.notBefore,
-        notAfter: cert.notAfter
+        notAfter: cert.notAfter,
    };
 };
 /**
 * Determine ASN.1 character string type for CSR subject field name
 *
@@ -369,7 +356,6 @@ function getCsrAsn1CharStringType(field) {
    }
 }
 /**
 * Create array of subject fields for a Certificate Signing Request
 *
@@ -391,7 +377,6 @@ function createCsrSubject(input) {
    }, []);
 }
 /**
 * Create x509 subject alternate name extension
 *
@@ -409,7 +394,6 @@ function createSubjectAltNameExtension(altNames) {
    }));
 }
 /**
 * Create a Certificate Signing Request
 *
@@ -429,29 +413,30 @@ function createSubjectAltNameExtension(altNames) {
 * @example Create a Certificate Signing Request
 * ```js
 * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
 * });
 * ```
 *
 * @example Certificate Signing Request with both common and alternative names
 * > *Warning*: Certificate subject common name has been [deprecated](https://letsencrypt.org/docs/glossary/#def-CN) and its use is [discouraged](https://cabforum.org/uploads/BRv1.2.3.pdf).
 * ```js
 * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
 *     keySize: 4096,
 *     commonName: 'test.example.com',
- *     altNames: ['foo.example.com', 'bar.example.com']
+ *     altNames: ['foo.example.com', 'bar.example.com'],
 * });
 * ```
 *
 * @example Certificate Signing Request with additional information
 * ```js
 * const [certificateKey, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com',
+ *     altNames: ['test.example.com'],
 *     country: 'US',
 *     state: 'California',
 *     locality: 'Los Angeles',
 *     organization: 'The Company Inc.',
 *     organizationUnit: 'IT Department',
- *     emailAddress: 'contact@example.com'
+ *     emailAddress: 'contact@example.com',
 * });
 * ```
 *
@@ -460,8 +445,9 @@ function createSubjectAltNameExtension(altNames) {
 * const certificateKey = await acme.crypto.createPrivateEcdsaKey();
 *
 * const [, certificateRequest] = await acme.crypto.createCsr({
- *     commonName: 'test.example.com'
+ *     altNames: ['test.example.com'],
 * }, certificateKey);
 * ```
 */
 exports.createCsr = async (data, keyPem = null) => {
@@ -489,7 +475,7 @@ exports.createCsr = async (data, keyPem = null) => {
        new x509.KeyUsagesExtension(x509.KeyUsageFlags.digitalSignature | x509.KeyUsageFlags.keyEncipherment), // eslint-disable-line no-bitwise
        /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 */
-        createSubjectAltNameExtension(data.altNames)
+        createSubjectAltNameExtension(data.altNames),
    ];
    /* Create CSR */
@@ -504,8 +490,8 @@ exports.createCsr = async (data, keyPem = null) => {
            L: data.locality,
            O: data.organization,
            OU: data.organizationUnit,
-            E: data.emailAddress
+            E: data.emailAddress,
-        })
+        }),
    });
    /* Done */
@@ -513,7 +499,6 @@ exports.createCsr = async (data, keyPem = null) => {
    return [keyPem, Buffer.from(pem)];
 };
 /**
 * Create a self-signed ALPN certificate for TLS-ALPN-01 challenges
 *
@@ -533,6 +518,7 @@ exports.createCsr = async (data, keyPem = null) => {
 * ```js
 * const alpnKey = await acme.crypto.createPrivateEcdsaKey();
 * const [, alpnCertificate] = await acme.crypto.createAlpnCertificate(authz, keyAuthorization, alpnKey);
 * ```
 */
 exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) => {
@@ -564,7 +550,7 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
        await x509.SubjectKeyIdentifierExtension.create(keys.publicKey),
        /* https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 */
-        createSubjectAltNameExtension([commonName])
+        createSubjectAltNameExtension([commonName]),
    ];
    /* ALPN extension */
@@ -581,8 +567,8 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
        notBefore: now,
        notAfter: now,
        name: createCsrSubject({
-            CN: commonName
+            CN: commonName,
-        })
+        }),
    });
    /* Done */
@@ -590,7 +576,6 @@ exports.createAlpnCertificate = async (authz, keyAuthorization, keyPem = null) =
    return [keyPem, Buffer.from(pem)];
 };
 /**
 * Validate that a ALPN certificate contains the expected key authorization
 *
--- a/packages/core/acme-client/src/http.js
+++ b/packages/core/acme-client/src/http.js
@@ -7,7 +7,6 @@ const { getJwk } = require('./crypto');
 const { log } = require('./logger');
 const axios = require('./axios');
 /**
 * ACME HTTP client
 *
@@ -26,10 +25,12 @@ class HttpClient {
        this.externalAccountBinding = externalAccountBinding;
        this.maxBadNonceRetries = 5;
        this.directory = null;
        this.jwk = null;
    }
        this.directoryCache = null;
        this.directoryMaxAge = 86400;
        this.directoryTimestamp = 0;
    }
    /**
     * HTTP request
@@ -60,17 +61,20 @@ class HttpClient {
        return resp;
    }
    /**
-     * Ensure provider directory exists
+     * Get ACME provider directory
     *
     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1
     *
-     * @returns {Promise}
+     * @returns {Promise<object>} ACME directory contents
     */
    async getDirectory() {
-        if (!this.directory) {
+        const now = Math.floor(Date.now() / 1000);
        const age = (now - this.directoryTimestamp);
        if (!this.directoryCache || (age > this.directoryMaxAge)) {
            log(`Refreshing ACME directory, age: ${age}`);
            const resp = await this.request(this.directoryUrl, 'get');
            if (resp.status >= 400) {
@@ -81,10 +85,12 @@ class HttpClient {
                throw new Error('Attempting to read ACME directory returned no data');
            }
-            this.directory = resp.data;
+            this.directoryCache = resp.data;
-        }
+            this.directoryTimestamp = now;
        }
        return this.directoryCache;
    }
    /**
     * Get JSON Web Key
@@ -100,13 +106,12 @@ class HttpClient {
        return this.jwk;
    }
    /**
     * Get nonce from directory API endpoint
     *
     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.2
     *
-     * @returns {Promise<string>} nonce
+     * @returns {Promise<string>} Nonce
     */
    async getNonce() {
@@ -120,7 +125,6 @@ class HttpClient {
        return resp.headers['replay-nonce'];
    }
    /**
     * Get URL for a directory resource
     *
@@ -129,16 +133,15 @@ class HttpClient {
     */
    async getResourceUrl(resource) {
-        await this.getDirectory();
+        const dir = await this.getDirectory();
-        if (!this.directory[resource]) {
+        if (!dir[resource]) {
            throw new Error(`Unable to locate API resource URL in ACME directory: "${resource}"`);
        }
-        return this.directory[resource];
+        return dir[resource];
    }
    /**
     * Get directory meta field
     *
@@ -147,16 +150,15 @@ class HttpClient {
     */
    async getMetaField(field) {
-        await this.getDirectory();
+        const dir = await this.getDirectory();
-        if (('meta' in this.directory) && (field in this.directory.meta)) {
+        if (('meta' in dir) && (field in dir.meta)) {
-            return this.directory.meta[field];
+            return dir.meta[field];
        }
        return null;
    }
    /**
     * Prepare HTTP request body for signature
     *
@@ -189,11 +191,10 @@ class HttpClient {
        /* Body */
        return {
            payload: payload ? Buffer.from(JSON.stringify(payload)).toString('base64url') : '',
-            protected: Buffer.from(JSON.stringify(header)).toString('base64url')
+            protected: Buffer.from(JSON.stringify(header)).toString('base64url'),
        };
    }
    /**
     * Create JWS HTTP request body using HMAC
     *
@@ -216,7 +217,6 @@ class HttpClient {
        return result;
    }
    /**
     * Create JWS HTTP request body using RSA or ECC
     *
@@ -257,13 +257,12 @@ class HttpClient {
        result.signature = signer.sign({
            key: this.accountKey,
            padding: RSA_PKCS1_PADDING,
-            dsaEncoding: 'ieee-p1363'
+            dsaEncoding: 'ieee-p1363',
        }, 'base64url');
        return result;
    }
    /**
     * Signed HTTP request
     *
@@ -299,7 +298,7 @@ class HttpClient {
        const data = this.createSignedBody(url, payload, { nonce, kid });
        const resp = await this.request(url, 'post', { data });
-        /* Retry on bad nonce - https://datatracker.ietf.org/doc/html/draft-ietf-acme-acme-10#section-6.4 */
+        /* Retry on bad nonce - https://datatracker.ietf.org/doc/html/rfc8555#section-6.5 */
        if (resp.data && resp.data.type && (resp.status === 400) && (resp.data.type === 'urn:ietf:params:acme:error:badNonce') && (attempts < this.maxBadNonceRetries)) {
            nonce = resp.headers['replay-nonce'] || null;
            attempts += 1;
@@ -313,6 +312,5 @@ class HttpClient {
    }
 }
 /* Export client */
 module.exports = HttpClient;
--- a/packages/core/acme-client/src/index.js
+++ b/packages/core/acme-client/src/index.js
@@ -4,7 +4,6 @@
 exports.Client = require('./client');
 /**
 * Directory URLs
 */
@@ -12,18 +11,21 @@ exports.Client = require('./client');
 exports.directory = {
    buypass: {
        staging: 'https://api.test4.buypass.no/acme/directory',
-        production: 'https://api.buypass.com/acme/directory'
+        production: 'https://api.buypass.com/acme/directory',
    },
    google: {
        staging: 'https://dv.acme-v02.test-api.pki.goog/directory',
        production: 'https://dv.acme-v02.api.pki.goog/directory',
    },
    letsencrypt: {
        staging: 'https://acme-staging-v02.api.letsencrypt.org/directory',
-        production: 'https://acme-v02.api.letsencrypt.org/directory'
+        production: 'https://acme-v02.api.letsencrypt.org/directory',
    },
    zerossl: {
-        production: 'https://acme.zerossl.com/v2/DV90'
+        production: 'https://acme.zerossl.com/v2/DV90',
-    }
+    },
 };
 /**
 * Crypto
 */
@@ -31,14 +33,12 @@ exports.directory = {
 exports.crypto = require('./crypto');
 exports.forge = require('./crypto/forge');
 /**
 * Axios
 */
 exports.axios = require('./axios');
 /**
 * Logger
 */
--- a/packages/core/acme-client/src/logger.js
+++ b/packages/core/acme-client/src/logger.js
@@ -6,7 +6,6 @@ const debug = require('debug')('acme-client');
 let logger = () => {};
 /**
 * Set logger function
 *
@@ -17,11 +16,10 @@ exports.setLogger = (fn) => {
    logger = fn;
 };
 /**
 * Log message
 *
- * @param {string} Message
+ * @param {string} msg Message
 */
 exports.log = (msg) => {
--- a/packages/core/acme-client/src/util.js
+++ b/packages/core/acme-client/src/util.js
@@ -7,7 +7,6 @@ const dns = require('dns').promises;
 const { readCertificateInfo, splitPemChain } = require('./crypto');
 const { log } = require('./logger');
 /**
 * Exponential backoff
 *
@@ -26,7 +25,6 @@ class Backoff {
        this.attempts = 0;
    }
    /**
     * Get backoff duration
     *
@@ -40,7 +38,6 @@ class Backoff {
    }
 }
 /**
 * Retry promise
 *
@@ -70,7 +67,6 @@ async function retryPromise(fn, attempts, backoff) {
    }
 }
 /**
 * Retry promise
 *
@@ -87,11 +83,13 @@ function retry(fn, { attempts = 5, min = 5000, max = 30000 } = {}) {
    return retryPromise(fn, attempts, backoff);
 }
 /**
- * Parse URLs from link header
+ * Parse URLs from Link header
 *
- * @param {string} header Link header contents
+ * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4.2
 * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Link
 *
 * @param {string} header Header contents
 * @param {string} rel Link relation, default: `alternate`
 * @returns {string[]} Array of URLs
 */
@@ -107,6 +105,36 @@ function parseLinkHeader(header, rel = 'alternate') {
    return results.filter((r) => r);
 }
 /**
 * Parse date or duration from Retry-After header
 *
 * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Retry-After
 *
 * @param {string} header Header contents
 * @returns {number} Retry duration in seconds
 */
 function parseRetryAfterHeader(header) {
    const sec = parseInt(header, 10);
    const date = new Date(header);
    /* Seconds into the future */
    if (Number.isSafeInteger(sec) && (sec > 0)) {
        return sec;
    }
    /* Future date string */
    if (date instanceof Date && !Number.isNaN(date)) {
        const now = new Date();
        const diff = Math.ceil((date.getTime() - now.getTime()) / 1000);
        if (diff > 0) {
            return diff;
        }
    }
    return 0;
 }
 /**
 * Find certificate chain with preferred issuer common name
@@ -157,7 +185,6 @@ function findCertificateChainForIssuer(chains, issuer) {
    return chains[0];
 }
 /**
 * Find and format error in response object
 *
@@ -168,16 +195,17 @@ function findCertificateChainForIssuer(chains, issuer) {
 function formatResponseError(resp) {
    let result;
    if (resp.data) {
        if (resp.data.error) {
            result = resp.data.error.detail || resp.data.error;
        }
        else {
            result = resp.data.detail || JSON.stringify(resp.data);
        }
    return result.replace(/\n/g, '');
    }
    return (result || '').replace(/\n/g, '');
 }
 /**
 * Resolve root domain name by looking for SOA record
@@ -204,7 +232,6 @@ async function resolveDomainBySoaRecord(recordName) {
    }
 }
 /**
 * Get DNS resolver using domains authoritative NS records
 *
@@ -245,7 +272,6 @@ async function getAuthoritativeDnsResolver(recordName) {
    return resolver;
 }
 /**
 * Attempt to retrieve TLS ALPN certificate from peer
 *
@@ -267,7 +293,7 @@ async function retrieveTlsAlpnCertificate(host, port, timeout = 30000) {
            port,
            servername: host,
            rejectUnauthorized: false,
-            ALPNProtocols: ['acme-tls/1']
+            ALPNProtocols: ['acme-tls/1'],
        });
        socket.setTimeout(timeout);
@@ -299,7 +325,6 @@ async function retrieveTlsAlpnCertificate(host, port, timeout = 30000) {
    });
 }
 /**
 * Export utils
 */
@@ -307,8 +332,9 @@ async function retrieveTlsAlpnCertificate(host, port, timeout = 30000) {
 module.exports = {
    retry,
    parseLinkHeader,
    parseRetryAfterHeader,
    findCertificateChainForIssuer,
    formatResponseError,
    getAuthoritativeDnsResolver,
-    retrieveTlsAlpnCertificate
+    retrieveTlsAlpnCertificate,
 };
--- a/packages/core/acme-client/src/verify.js
+++ b/packages/core/acme-client/src/verify.js
@@ -9,7 +9,6 @@ const axios = require('./axios');
 const util = require('./util');
 const { isAlpnCertificateAuthorizationValid } = require('./crypto');
 /**
 * Verify ACME HTTP challenge
 *
@@ -43,7 +42,6 @@ async function verifyHttpChallenge(authz, challenge, keyAuthorization, suffix =
    return true;
 }
 /**
 * Walk DNS until TXT records are found
 */
@@ -81,7 +79,6 @@ async function walkDnsChallengeRecord(recordName, resolver = dns) {
    throw new Error(`No TXT records found for name: ${recordName}`);
 }
 /**
 * Verify ACME DNS challenge
 *
@@ -121,7 +118,6 @@ async function verifyDnsChallenge(authz, challenge, keyAuthorization, prefix = '
    return true;
 }
 /**
 * Verify ACME TLS ALPN challenge
 *
@@ -149,7 +145,6 @@ async function verifyTlsAlpnChallenge(authz, challenge, keyAuthorization) {
    return true;
 }
 /**
 * Export API
 */
@@ -157,5 +152,5 @@ async function verifyTlsAlpnChallenge(authz, challenge, keyAuthorization) {
 module.exports = {
    'http-01': verifyHttpChallenge,
    'dns-01': verifyDnsChallenge,
-    'tls-alpn-01': verifyTlsAlpnChallenge
+    'tls-alpn-01': verifyTlsAlpnChallenge,
 };
--- a/packages/core/acme-client/test/00-pebble.spec.js
+++ b/packages/core/acme-client/test/00-pebble.spec.js
@@ -16,7 +16,6 @@ const httpPort = axios.defaults.acmeSettings.httpChallengePort || 80;
 const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;
 const tlsAlpnPort = axios.defaults.acmeSettings.tlsAlpnChallengePort || 443;
 describe('pebble', () => {
    const httpsAgent = new https.Agent({ rejectUnauthorized: false });
@@ -39,7 +38,6 @@ describe('pebble', () => {
    const testTlsAlpn01ChallengeHost = `${uuid()}.${domainName}`;
    const testTlsAlpn01ChallengeValue = uuid();
    /**
     * Pebble CTS required
     */
@@ -50,7 +48,6 @@ describe('pebble', () => {
        }
    });
    /**
     * DNS mocking
     */
@@ -92,7 +89,6 @@ describe('pebble', () => {
        });
    });
    /**
     * HTTP-01 challenge response
     */
@@ -118,7 +114,6 @@ describe('pebble', () => {
        });
    });
    /**
     * HTTPS-01 challenge response
     */
@@ -143,7 +138,7 @@ describe('pebble', () => {
            /* Assert HTTP 302 */
            const resp = await axios.get(`http://${testHttps01ChallengeHost}:${httpPort}/.well-known/acme-challenge/${testHttps01ChallengeToken}`, {
                maxRedirects: 0,
-                validateStatus: null
+                validateStatus: null,
            });
            assert.strictEqual(resp.status, 302);
@@ -165,7 +160,6 @@ describe('pebble', () => {
        });
    });
    /**
     * DNS-01 challenge response
     */
@@ -188,7 +182,6 @@ describe('pebble', () => {
        });
    });
    /**
     * TLS-ALPN-01 challenge response
     */
--- a/packages/core/acme-client/test/10-http.spec.js
+++ b/packages/core/acme-client/test/10-http.spec.js
@@ -9,41 +9,17 @@ const axios = require('./../src/axios');
 const HttpClient = require('./../src/http');
 const pkg = require('./../package.json');
 describe('http', () => {
    let testClient;
    const endpoint = `http://${uuid()}.example.com`;
    const defaultUserAgent = `node-${pkg.name}/${pkg.version}`;
    const customUserAgent = 'custom-ua-123';
-    const primaryEndpoint = `http://${uuid()}.example.com`;
+    afterEach(() => {
-    const defaultUaEndpoint = `http://${uuid()}.example.com`;
+        nock.cleanAll();
    const customUaEndpoint = `http://${uuid()}.example.com`;
    /**
     * HTTP mocking
     */
    before(() => {
        const defaultUaOpts = { reqheaders: { 'User-Agent': defaultUserAgent } };
        const customUaOpts = { reqheaders: { 'User-Agent': customUserAgent } };
        nock(primaryEndpoint)
            .persist().get('/').reply(200, 'ok');
        nock(defaultUaEndpoint, defaultUaOpts)
            .persist().get('/').reply(200, 'ok');
        nock(customUaEndpoint, customUaOpts)
            .persist().get('/').reply(200, 'ok');
    });
    after(() => {
        axios.defaults.headers.common['User-Agent'] = defaultUserAgent;
    });
    /**
     * Initialize
     */
@@ -52,47 +28,94 @@ describe('http', () => {
        testClient = new HttpClient();
    });
    /**
     * HTTP verbs
     */
    it('should http get', async () => {
-        const resp = await testClient.request(primaryEndpoint, 'get');
+        nock(endpoint).get('/').reply(200, 'ok');
        const resp = await testClient.request(endpoint, 'get');
        assert.isObject(resp);
        assert.strictEqual(resp.status, 200);
        assert.strictEqual(resp.data, 'ok');
    });
    /**
     * User-Agent
     */
    it('should request using default user-agent', async () => {
-        const resp = await testClient.request(defaultUaEndpoint, 'get');
+        nock(endpoint).matchHeader('user-agent', defaultUserAgent).get('/').reply(200, 'ok');
        axios.defaults.headers.common['User-Agent'] = defaultUserAgent;
        const resp = await testClient.request(endpoint, 'get');
        assert.isObject(resp);
        assert.strictEqual(resp.status, 200);
        assert.strictEqual(resp.data, 'ok');
    });
-    it('should not request using custom user-agent', async () => {
+    it('should reject using custom user-agent', async () => {
-        await assert.isRejected(testClient.request(customUaEndpoint, 'get'));
+        nock(endpoint).matchHeader('user-agent', defaultUserAgent).get('/').reply(200, 'ok');
        axios.defaults.headers.common['User-Agent'] = customUserAgent;
        await assert.isRejected(testClient.request(endpoint, 'get'));
    });
    it('should request using custom user-agent', async () => {
        nock(endpoint).matchHeader('user-agent', customUserAgent).get('/').reply(200, 'ok');
        axios.defaults.headers.common['User-Agent'] = customUserAgent;
-        const resp = await testClient.request(customUaEndpoint, 'get');
+        const resp = await testClient.request(endpoint, 'get');
        assert.isObject(resp);
        assert.strictEqual(resp.status, 200);
        assert.strictEqual(resp.data, 'ok');
    });
-    it('should not request using default user-agent', async () => {
+    it('should reject using default user-agent', async () => {
-        axios.defaults.headers.common['User-Agent'] = customUserAgent;
+        nock(endpoint).matchHeader('user-agent', customUserAgent).get('/').reply(200, 'ok');
-        await assert.isRejected(testClient.request(defaultUaEndpoint, 'get'));
+        axios.defaults.headers.common['User-Agent'] = defaultUserAgent;
        await assert.isRejected(testClient.request(endpoint, 'get'));
    });
    /**
     * Retry on HTTP errors
     */
    it('should retry on 429 rate limit', async () => {
        let rateLimitCount = 0;
        nock(endpoint).persist().get('/').reply(() => {
            rateLimitCount += 1;
            if (rateLimitCount < 3) {
                return [429, 'Rate Limit Exceeded', { 'Retry-After': 1 }];
            }
            return [200, 'ok'];
        });
        assert.strictEqual(rateLimitCount, 0);
        const resp = await testClient.request(endpoint, 'get');
        assert.isObject(resp);
        assert.strictEqual(resp.status, 200);
        assert.strictEqual(resp.data, 'ok');
        assert.strictEqual(rateLimitCount, 3);
    });
    it('should retry on 5xx server error', async () => {
        let serverErrorCount = 0;
        nock(endpoint).persist().get('/').reply(() => {
            serverErrorCount += 1;
            return [500, 'Internal Server Error', { 'Retry-After': 1 }];
        });
        assert.strictEqual(serverErrorCount, 0);
        const resp = await testClient.request(endpoint, 'get');
        assert.isObject(resp);
        assert.strictEqual(resp.status, 500);
        assert.strictEqual(serverErrorCount, 4);
    });
 });
--- a/packages/core/acme-client/test/10-logger.spec.js
+++ b/packages/core/acme-client/test/10-logger.spec.js
@@ -5,7 +5,6 @@
 const { assert } = require('chai');
 const logger = require('./../src/logger');
 describe('logger', () => {
    let lastLogMessage = null;
@@ -13,7 +12,6 @@ describe('logger', () => {
        lastLogMessage = msg;
    }
    /**
     * Logger
     */
@@ -23,7 +21,6 @@ describe('logger', () => {
        assert.isNull(lastLogMessage);
    });
    it('should log with custom logger', () => {
        logger.setLogger(customLoggerFn);
--- a/packages/core/acme-client/test/10-util.spec.js
+++ b/packages/core/acme-client/test/10-util.spec.js
@@ -0,0 +1,145 @@
 /**
 * Utility method tests
 */
 const dns = require('dns').promises;
 const fs = require('fs').promises;
 const path = require('path');
 const { assert } = require('chai');
 const util = require('./../src/util');
 const { readCertificateInfo } = require('./../src/crypto');
 describe('util', () => {
    const testCertPath1 = path.join(__dirname, 'fixtures', 'certificate.crt');
    const testCertPath2 = path.join(__dirname, 'fixtures', 'letsencrypt.crt');
    it('retry()', async () => {
        let attempts = 0;
        const backoffOpts = {
            min: 100,
            max: 500,
        };
        await assert.isRejected(util.retry(() => {
            throw new Error('oops');
        }, backoffOpts));
        const r = await util.retry(() => {
            attempts += 1;
            if (attempts < 3) {
                throw new Error('oops');
            }
            return 'abc';
        }, backoffOpts);
        assert.strictEqual(r, 'abc');
        assert.strictEqual(attempts, 3);
    });
    it('parseLinkHeader()', () => {
        const r1 = util.parseLinkHeader('<https://example.com/a>;rel="alternate"');
        assert.isArray(r1);
        assert.strictEqual(r1.length, 1);
        assert.strictEqual(r1[0], 'https://example.com/a');
        const r2 = util.parseLinkHeader('<https://example.com/b>;rel="test"');
        assert.isArray(r2);
        assert.strictEqual(r2.length, 0);
        const r3 = util.parseLinkHeader('<http://example.com/c>; rel="test"', 'test');
        assert.isArray(r3);
        assert.strictEqual(r3.length, 1);
        assert.strictEqual(r3[0], 'http://example.com/c');
        const r4 = util.parseLinkHeader(`<https://example.com/a>; rel="alternate",
            <https://example.com/x>; rel="nope",
            <https://example.com/b>;rel="alternate",
            <https://example.com/c>;   rel="alternate"`);
        assert.isArray(r4);
        assert.strictEqual(r4.length, 3);
        assert.strictEqual(r4[0], 'https://example.com/a');
        assert.strictEqual(r4[1], 'https://example.com/b');
        assert.strictEqual(r4[2], 'https://example.com/c');
    });
    it('parseRetryAfterHeader()', () => {
        const r1 = util.parseRetryAfterHeader('');
        assert.strictEqual(r1, 0);
        const r2 = util.parseRetryAfterHeader('abcdef');
        assert.strictEqual(r2, 0);
        const r3 = util.parseRetryAfterHeader('123');
        assert.strictEqual(r3, 123);
        const r4 = util.parseRetryAfterHeader('123.456');
        assert.strictEqual(r4, 123);
        const r5 = util.parseRetryAfterHeader('-555');
        assert.strictEqual(r5, 0);
        const r6 = util.parseRetryAfterHeader('Wed, 21 Oct 2015 07:28:00 GMT');
        assert.strictEqual(r6, 0);
        const now = new Date();
        const future = new Date(now.getTime() + 123000);
        const r7 = util.parseRetryAfterHeader(future.toUTCString());
        assert.isTrue(r7 > 100);
    });
    it('findCertificateChainForIssuer()', async () => {
        const certs = [
            (await fs.readFile(testCertPath1)).toString(),
            (await fs.readFile(testCertPath2)).toString(),
        ];
        const r1 = util.findCertificateChainForIssuer(certs, 'abc123');
        const r2 = util.findCertificateChainForIssuer(certs, 'example.com');
        const r3 = util.findCertificateChainForIssuer(certs, 'E6');
        [r1, r2, r3].forEach((r) => {
            assert.isString(r);
            assert.isNotEmpty(r);
        });
        assert.strictEqual(readCertificateInfo(r1).issuer.commonName, 'example.com');
        assert.strictEqual(readCertificateInfo(r2).issuer.commonName, 'example.com');
        assert.strictEqual(readCertificateInfo(r3).issuer.commonName, 'E6');
    });
    it('formatResponseError()', () => {
        const e1 = util.formatResponseError({ data: { error: 'aaa' } });
        assert.strictEqual(e1, 'aaa');
        const e2 = util.formatResponseError({ data: { error: { detail: 'bbb' } } });
        assert.strictEqual(e2, 'bbb');
        const e3 = util.formatResponseError({ data: { detail: 'ccc' } });
        assert.strictEqual(e3, 'ccc');
        const e4 = util.formatResponseError({ data: { a: 123 } });
        assert.strictEqual(e4, '{"a":123}');
        const e5 = util.formatResponseError({});
        assert.isString(e5);
        assert.isEmpty(e5);
    });
    it('getAuthoritativeDnsResolver()', async () => {
        /* valid domain - should not use global default */
        const r1 = await util.getAuthoritativeDnsResolver('example.com');
        assert.instanceOf(r1, dns.Resolver);
        assert.isNotEmpty(r1.getServers());
        assert.notDeepEqual(r1.getServers(), dns.getServers());
        /* invalid domain - fallback to global default */
        const r2 = await util.getAuthoritativeDnsResolver('invalid.xtldx');
        assert.instanceOf(r2, dns.Resolver);
        assert.deepStrictEqual(r2.getServers(), dns.getServers());
    });
    /* TODO: Figure out how to test this */
    it('retrieveTlsAlpnCertificate()');
 });
--- a/packages/core/acme-client/test/10-verify.spec.js
+++ b/packages/core/acme-client/test/10-verify.spec.js
@@ -9,7 +9,6 @@ const verify = require('./../src/verify');
 const domainName = process.env.ACME_DOMAIN_NAME || 'example.com';
 describe('verify', () => {
    const challengeTypes = ['http-01', 'dns-01'];
@@ -30,7 +29,6 @@ describe('verify', () => {
    const testTlsAlpn01Challenge = { type: 'dns-01', status: 'pending', token: uuid() };
    const testTlsAlpn01Key = uuid();
    /**
     * Pebble CTS required
     */
@@ -41,7 +39,6 @@ describe('verify', () => {
        }
    });
    /**
     * API
     */
@@ -50,7 +47,6 @@ describe('verify', () => {
        assert.containsAllKeys(verify, challengeTypes);
    });
    /**
     * http-01
     */
@@ -81,7 +77,6 @@ describe('verify', () => {
        });
    });
    /**
     * https-01
     */
@@ -102,7 +97,6 @@ describe('verify', () => {
        });
    });
    /**
     * dns-01
     */
@@ -133,7 +127,6 @@ describe('verify', () => {
        });
    });
    /**
     * tls-alpn-01
     */
--- a/packages/core/acme-client/test/20-crypto-legacy.spec.js
+++ b/packages/core/acme-client/test/20-crypto-legacy.spec.js
@@ -9,10 +9,9 @@ const spec = require('./spec');
 const forge = require('./../src/crypto/forge');
 const cryptoEngines = {
-    forge
+    forge,
 };
 describe('crypto-legacy', () => {
    let testPemKey;
    let testCert;
@@ -28,7 +27,6 @@ describe('crypto-legacy', () => {
    const testCertPath = path.join(__dirname, 'fixtures', 'certificate.crt');
    const testSanCertPath = path.join(__dirname, 'fixtures', 'san-certificate.crt');
    /**
     * Fixtures
     */
@@ -50,7 +48,6 @@ describe('crypto-legacy', () => {
        });
    });
    /**
     * Engines
     */
@@ -62,7 +59,6 @@ describe('crypto-legacy', () => {
            let testNonCnCsr;
            let testNonAsciiCsr;
            /**
             * Key generation
             */
@@ -83,14 +79,13 @@ describe('crypto-legacy', () => {
                publicKeyStore.push(key.toString().replace(/[\r\n]/gm, ''));
            });
            /**
             * Certificate Signing Request
             */
            it('should generate a csr', async () => {
                const [key, csr] = await engine.createCsr({
-                    commonName: testCsrDomain
+                    commonName: testCsrDomain,
                });
                assert.isTrue(Buffer.isBuffer(key));
@@ -102,7 +97,7 @@ describe('crypto-legacy', () => {
            it('should generate a san csr', async () => {
                const [key, csr] = await engine.createCsr({
                    commonName: testSanCsrDomains[0],
-                    altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length)
+                    altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length),
                });
                assert.isTrue(Buffer.isBuffer(key));
@@ -113,7 +108,7 @@ describe('crypto-legacy', () => {
            it('should generate a csr without common name', async () => {
                const [key, csr] = await engine.createCsr({
-                    altNames: testSanCsrDomains
+                    altNames: testSanCsrDomains,
                });
                assert.isTrue(Buffer.isBuffer(key));
@@ -126,7 +121,7 @@ describe('crypto-legacy', () => {
                const [key, csr] = await engine.createCsr({
                    commonName: testCsrDomain,
                    organization: '大安區',
-                    organizationUnit: '中文部門'
+                    organizationUnit: '中文部門',
                });
                assert.isTrue(Buffer.isBuffer(key));
@@ -167,7 +162,6 @@ describe('crypto-legacy', () => {
                assert.deepStrictEqual(result.altNames, [testCsrDomain]);
            });
            /**
             * Certificate
             */
@@ -188,7 +182,6 @@ describe('crypto-legacy', () => {
                assert.deepEqual(info.domains.altNames, testSanCsrDomains.slice(1, testSanCsrDomains.length));
            });
            /**
             * PEM utils
             */
@@ -214,7 +207,6 @@ describe('crypto-legacy', () => {
                });
            });
            /**
             * Modulus and exponent
             */
@@ -246,7 +238,6 @@ describe('crypto-legacy', () => {
        });
    });
    /**
     * Verify identical results
     */
--- a/packages/core/acme-client/test/20-crypto.spec.js
+++ b/packages/core/acme-client/test/20-crypto.spec.js
@@ -50,7 +50,6 @@ dGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0aW5ndGVzdGluZ3Rlc3Rpbmd0ZXN0
 -----END TEST-----
 `;
 describe('crypto', () => {
    const testCsrDomain = 'example.com';
    const testSanCsrDomains = ['example.com', 'test.example.com', 'abc.example.com'];
@@ -58,7 +57,6 @@ describe('crypto', () => {
    const testCertPath = path.join(__dirname, 'fixtures', 'certificate.crt');
    const testSanCertPath = path.join(__dirname, 'fixtures', 'san-certificate.crt');
    /**
     * Key types
     */
@@ -68,24 +66,23 @@ describe('crypto', () => {
            createKeyFns: {
                s1024: () => crypto.createPrivateRsaKey(1024),
                s2048: () => crypto.createPrivateRsaKey(),
-                s4096: () => crypto.createPrivateRsaKey(4096)
+                s4096: () => crypto.createPrivateRsaKey(4096),
            },
-            jwkSpecFn: spec.jwk.rsa
+            jwkSpecFn: spec.jwk.rsa,
        },
        ecdsa: {
            createKeyFns: {
                p256: () => crypto.createPrivateEcdsaKey(),
                p384: () => crypto.createPrivateEcdsaKey('P-384'),
-                p521: () => crypto.createPrivateEcdsaKey('P-521')
+                p521: () => crypto.createPrivateEcdsaKey('P-521'),
            },
            jwkSpecFn: spec.jwk.ecdsa,
        },
            jwkSpecFn: spec.jwk.ecdsa
        }
    }).forEach(([name, { createKeyFns, jwkSpecFn }]) => {
        describe(name, () => {
            const testPrivateKeys = {};
            const testPublicKeys = {};
            /**
             * Iterate through all generator variations
             */
@@ -97,7 +94,6 @@ describe('crypto', () => {
                let testNonAsciiCsr;
                let testAlpnCertificate;
                /**
                 * Keys and JWK
                 */
@@ -132,14 +128,13 @@ describe('crypto', () => {
                    jwkSpecFn(jwk);
                });
                /**
                 * Certificate Signing Request
                 */
                it(`${n}/should generate a csr`, async () => {
                    const [key, csr] = await crypto.createCsr({
-                        commonName: testCsrDomain
+                        commonName: testCsrDomain,
                    }, testPrivateKeys[n]);
                    assert.isTrue(Buffer.isBuffer(key));
@@ -151,7 +146,7 @@ describe('crypto', () => {
                it(`${n}/should generate a san csr`, async () => {
                    const [key, csr] = await crypto.createCsr({
                        commonName: testSanCsrDomains[0],
-                        altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length)
+                        altNames: testSanCsrDomains.slice(1, testSanCsrDomains.length),
                    }, testPrivateKeys[n]);
                    assert.isTrue(Buffer.isBuffer(key));
@@ -162,7 +157,7 @@ describe('crypto', () => {
                it(`${n}/should generate a csr without common name`, async () => {
                    const [key, csr] = await crypto.createCsr({
-                        altNames: testSanCsrDomains
+                        altNames: testSanCsrDomains,
                    }, testPrivateKeys[n]);
                    assert.isTrue(Buffer.isBuffer(key));
@@ -175,7 +170,7 @@ describe('crypto', () => {
                    const [key, csr] = await crypto.createCsr({
                        commonName: testCsrDomain,
                        organization: '大安區',
-                        organizationUnit: '中文部門'
+                        organizationUnit: '中文部門',
                    }, testPrivateKeys[n]);
                    assert.isTrue(Buffer.isBuffer(key));
@@ -186,7 +181,7 @@ describe('crypto', () => {
                it(`${n}/should generate a csr with key as string`, async () => {
                    const [key, csr] = await crypto.createCsr({
-                        commonName: testCsrDomain
+                        commonName: testCsrDomain,
                    }, testPrivateKeys[n].toString());
                    assert.isTrue(Buffer.isBuffer(key));
@@ -195,11 +190,10 @@ describe('crypto', () => {
                it(`${n}/should throw with invalid key`, async () => {
                    await assert.isRejected(crypto.createCsr({
-                        commonName: testCsrDomain
+                        commonName: testCsrDomain,
                    }, testPublicKeys[n]));
                });
                /**
                 * Domain and info resolver
                 */
@@ -243,7 +237,6 @@ describe('crypto', () => {
                    });
                });
                /**
                 * ALPN
                 */
@@ -284,7 +277,6 @@ describe('crypto', () => {
        });
    });
    /**
     * Common functionality
     */
@@ -294,7 +286,6 @@ describe('crypto', () => {
        let testCert;
        let testSanCert;
        it('should read private key fixture', async () => {
            testPemKey = await fs.readFile(testKeyPath);
            assert.isTrue(Buffer.isBuffer(testPemKey));
@@ -310,21 +301,19 @@ describe('crypto', () => {
            assert.isTrue(Buffer.isBuffer(testSanCert));
        });
        /**
         * CSR with auto-generated key
         */
        it('should generate a csr with default key', async () => {
            const [key, csr] = await crypto.createCsr({
-                commonName: testCsrDomain
+                commonName: testCsrDomain,
            });
            assert.isTrue(Buffer.isBuffer(key));
            assert.isTrue(Buffer.isBuffer(csr));
        });
        /**
         * Certificate
         */
@@ -352,7 +341,6 @@ describe('crypto', () => {
            });
        });
        /**
         * ALPN
         */
@@ -365,7 +353,6 @@ describe('crypto', () => {
            assert.isTrue(Buffer.isBuffer(cert));
        });
        /**
         * PEM utils
         */
--- a/packages/core/acme-client/test/50-client.spec.js
+++ b/packages/core/acme-client/test/50-client.spec.js
@@ -20,24 +20,22 @@ const clientOpts = {
    directoryUrl,
    backoffAttempts: 5,
    backoffMin: 1000,
-    backoffMax: 5000
+    backoffMax: 5000,
 };
 if (capEabEnabled && process.env.ACME_EAB_KID && process.env.ACME_EAB_HMAC_KEY) {
    clientOpts.externalAccountBinding = {
        kid: process.env.ACME_EAB_KID,
-        hmacKey: process.env.ACME_EAB_HMAC_KEY
+        hmacKey: process.env.ACME_EAB_HMAC_KEY,
    };
 }
 describe('client', () => {
    const testDomain = `${uuid()}.${domainName}`;
    const testDomainAlpn = `${uuid()}.${domainName}`;
    const testDomainWildcard = `*.${testDomain}`;
    const testContact = `mailto:test-${uuid()}@nope.com`;
    /**
     * Pebble CTS required
     */
@@ -48,7 +46,6 @@ describe('client', () => {
        }
    });
    /**
     * Key types
     */
@@ -58,18 +55,18 @@ describe('client', () => {
            createKeyFn: () => acme.crypto.createPrivateRsaKey(),
            createKeyAltFns: {
                s1024: () => acme.crypto.createPrivateRsaKey(1024),
-                s4096: () => acme.crypto.createPrivateRsaKey(4096)
+                s4096: () => acme.crypto.createPrivateRsaKey(4096),
            },
-            jwkSpecFn: spec.jwk.rsa
+            jwkSpecFn: spec.jwk.rsa,
        },
        ecdsa: {
            createKeyFn: () => acme.crypto.createPrivateEcdsaKey(),
            createKeyAltFns: {
                p384: () => acme.crypto.createPrivateEcdsaKey('P-384'),
-                p521: () => acme.crypto.createPrivateEcdsaKey('P-521')
+                p521: () => acme.crypto.createPrivateEcdsaKey('P-521'),
            },
            jwkSpecFn: spec.jwk.ecdsa,
        },
            jwkSpecFn: spec.jwk.ecdsa
        }
    }).forEach(([name, { createKeyFn, createKeyAltFns, jwkSpecFn }]) => {
        describe(name, () => {
            let testIssuers;
@@ -97,7 +94,6 @@ describe('client', () => {
            let testCertificateAlpn;
            let testCertificateWildcard;
            /**
             * Fixtures
             */
@@ -114,8 +110,8 @@ describe('client', () => {
            it('should generate certificate signing request', async () => {
                [, testCsr] = await acme.crypto.createCsr({ commonName: testDomain }, await createKeyFn());
-                [, testCsrAlpn] = await acme.crypto.createCsr({ commonName: testDomainAlpn }, await createKeyFn());
+                [, testCsrAlpn] = await acme.crypto.createCsr({ altNames: [testDomainAlpn] }, await createKeyFn());
-                [, testCsrWildcard] = await acme.crypto.createCsr({ commonName: testDomainWildcard }, await createKeyFn());
+                [, testCsrWildcard] = await acme.crypto.createCsr({ altNames: [testDomainWildcard] }, await createKeyFn());
            });
            it('should resolve certificate issuers [ACME_CAP_ALTERNATE_CERT_ROOTS]', async function () {
@@ -134,7 +130,6 @@ describe('client', () => {
                });
            });
            /**
             * Initialize clients
             */
@@ -142,7 +137,7 @@ describe('client', () => {
            it('should initialize client', () => {
                testClient = new acme.Client({
                    ...clientOpts,
-                    accountKey: testAccountKey
+                    accountKey: testAccountKey,
                });
            });
@@ -151,7 +146,6 @@ describe('client', () => {
                jwkSpecFn(jwk);
            });
            /**
             * Terms of Service
             */
@@ -174,7 +168,6 @@ describe('client', () => {
                assert.isNull(tos);
            });
            /**
             * Create account
             */
@@ -195,17 +188,17 @@ describe('client', () => {
                const client = new acme.Client({
                    ...clientOpts,
                    accountKey: testAccountKey,
-                    externalAccountBinding: null
+                    externalAccountBinding: null,
                });
                await assert.isRejected(client.createAccount({
-                    termsOfServiceAgreed: true
+                    termsOfServiceAgreed: true,
                }));
            });
            it('should create an account', async () => {
                testAccount = await testClient.createAccount({
-                    termsOfServiceAgreed: true
+                    termsOfServiceAgreed: true,
                });
                spec.rfc8555.account(testAccount);
@@ -217,7 +210,6 @@ describe('client', () => {
                assert.isString(testAccountUrl);
            });
            /**
             * Create account with alternate key sizes
             */
@@ -226,11 +218,11 @@ describe('client', () => {
                it(`should create account with key=${k}`, async () => {
                    const client = new acme.Client({
                        ...clientOpts,
-                        accountKey: await altKeyFn()
+                        accountKey: await altKeyFn(),
                    });
                    const account = await client.createAccount({
-                        termsOfServiceAgreed: true
+                        termsOfServiceAgreed: true,
                    });
                    spec.rfc8555.account(account);
@@ -238,7 +230,6 @@ describe('client', () => {
                });
            });
            /**
             * Find existing account using secondary client
             */
@@ -246,22 +237,22 @@ describe('client', () => {
            it('should throw when trying to find account using invalid account key', async () => {
                const client = new acme.Client({
                    ...clientOpts,
-                    accountKey: testAccountSecondaryKey
+                    accountKey: testAccountSecondaryKey,
                });
                await assert.isRejected(client.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                }));
            });
            it('should find existing account using account key', async () => {
                const client = new acme.Client({
                    ...clientOpts,
-                    accountKey: testAccountKey
+                    accountKey: testAccountKey,
                });
                const account = await client.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                });
                spec.rfc8555.account(account);
@@ -269,7 +260,6 @@ describe('client', () => {
                assert.deepStrictEqual(account.key, testAccount.key);
            });
            /**
             * Account URL
             */
@@ -278,7 +268,7 @@ describe('client', () => {
                const client = new acme.Client({
                    ...clientOpts,
                    accountKey: testAccountKey,
-                    accountUrl: 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/1'
+                    accountUrl: 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/1',
                });
                await assert.isRejected(client.updateAccount());
@@ -288,11 +278,11 @@ describe('client', () => {
                const client = new acme.Client({
                    ...clientOpts,
                    accountKey: testAccountKey,
-                    accountUrl: testAccountUrl
+                    accountUrl: testAccountUrl,
                });
                const account = await client.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                });
                spec.rfc8555.account(account);
@@ -300,7 +290,6 @@ describe('client', () => {
                assert.deepStrictEqual(account.key, testAccount.key);
            });
            /**
             * Update account contact info
             */
@@ -316,7 +305,6 @@ describe('client', () => {
                assert.include(account.contact, testContact);
            });
            /**
             * Change account private key
             */
@@ -329,7 +317,7 @@ describe('client', () => {
                await testClient.updateAccountKey(testAccountSecondaryKey);
                const account = await testClient.createAccount({
-                    onlyReturnExisting: true
+                    onlyReturnExisting: true,
                });
                spec.rfc8555.account(account);
@@ -337,7 +325,6 @@ describe('client', () => {
                assert.notDeepEqual(account.key, testAccount.key);
            });
            /**
             * Create new certificate order
             */
@@ -357,7 +344,6 @@ describe('client', () => {
                });
            });
            /**
             * Get status of existing certificate order
             */
@@ -371,7 +357,6 @@ describe('client', () => {
                }));
            });
            /**
             * Get identifier authorization
             */
@@ -401,7 +386,6 @@ describe('client', () => {
                });
            });
            /**
             * Generate challenge key authorization
             */
@@ -418,7 +402,6 @@ describe('client', () => {
                [testKeyAuthorization, testKeyAuthorizationAlpn, testKeyAuthorizationWildcard].forEach((k) => assert.isString(k));
            });
            /**
             * Deactivate identifier authorization
             */
@@ -427,8 +410,8 @@ describe('client', () => {
                const order = await testClient.createOrder({
                    identifiers: [
                        { type: 'dns', value: `${uuid()}.${domainName}` },
-                        { type: 'dns', value: `${uuid()}.${domainName}` }
+                        { type: 'dns', value: `${uuid()}.${domainName}` },
-                    ]
+                    ],
                });
                const authzCollection = await testClient.getAuthorizations(order);
@@ -445,7 +428,6 @@ describe('client', () => {
                });
            });
            /**
             * Verify satisfied challenge
             */
@@ -460,7 +442,6 @@ describe('client', () => {
                await testClient.verifyChallenge(testAuthzWildcard, testChallengeWildcard);
            });
            /**
             * Complete challenge
             */
@@ -474,7 +455,6 @@ describe('client', () => {
                }));
            });
            /**
             * Wait for valid challenge
             */
@@ -483,7 +463,6 @@ describe('client', () => {
                await Promise.all([testChallenge, testChallengeAlpn, testChallengeWildcard].map(async (c) => testClient.waitForValidStatus(c)));
            });
            /**
             * Finalize order
             */
@@ -500,7 +479,6 @@ describe('client', () => {
                assert.strictEqual(testOrderWildcard.url, finalizeWildcard.url);
            });
            /**
             * Wait for valid order
             */
@@ -509,7 +487,6 @@ describe('client', () => {
                await Promise.all([testOrder, testOrderAlpn, testOrderWildcard].map(async (o) => testClient.waitForValidStatus(o)));
            });
            /**
             * Get certificate
             */
@@ -551,7 +528,6 @@ describe('client', () => {
                assert.strictEqual(testIssuers[0], info.issuer.commonName);
            });
            /**
             * Revoke certificate
             */
@@ -568,7 +544,6 @@ describe('client', () => {
                await assert.isRejected(testClient.getCertificate(testOrderWildcard));
            });
            /**
             * Deactivate account
             */
@@ -581,7 +556,6 @@ describe('client', () => {
                assert.strictEqual(account.status, 'deactivated');
            });
            /**
             * Verify that no new orders can be made
             */
--- a/packages/core/acme-client/test/70-auto.spec.js
+++ b/packages/core/acme-client/test/70-auto.spec.js
@@ -18,17 +18,16 @@ const clientOpts = {
    directoryUrl,
    backoffAttempts: 5,
    backoffMin: 1000,
-    backoffMax: 5000
+    backoffMax: 5000,
 };
 if (capEabEnabled && process.env.ACME_EAB_KID && process.env.ACME_EAB_HMAC_KEY) {
    clientOpts.externalAccountBinding = {
        kid: process.env.ACME_EAB_KID,
-        hmacKey: process.env.ACME_EAB_HMAC_KEY
+        hmacKey: process.env.ACME_EAB_HMAC_KEY,
    };
 }
 describe('client.auto', () => {
    const testDomain = `${uuid()}.${domainName}`;
    const testHttpDomain = `${uuid()}.${domainName}`;
@@ -40,10 +39,9 @@ describe('client.auto', () => {
    const testSanDomains = [
        `${uuid()}.${domainName}`,
        `${uuid()}.${domainName}`,
-        `${uuid()}.${domainName}`
+        `${uuid()}.${domainName}`,
    ];
    /**
     * Pebble CTS required
     */
@@ -54,7 +52,6 @@ describe('client.auto', () => {
        }
    });
    /**
     * Key types
     */
@@ -64,16 +61,16 @@ describe('client.auto', () => {
            createKeyFn: () => acme.crypto.createPrivateRsaKey(),
            createKeyAltFns: {
                s1024: () => acme.crypto.createPrivateRsaKey(1024),
-                s4096: () => acme.crypto.createPrivateRsaKey(4096)
+                s4096: () => acme.crypto.createPrivateRsaKey(4096),
-            }
+            },
        },
        ecdsa: {
            createKeyFn: () => acme.crypto.createPrivateEcdsaKey(),
            createKeyAltFns: {
                p384: () => acme.crypto.createPrivateEcdsaKey('P-384'),
-                p521: () => acme.crypto.createPrivateEcdsaKey('P-521')
+                p521: () => acme.crypto.createPrivateEcdsaKey('P-521'),
-            }
+            },
-        }
+        },
    }).forEach(([name, { createKeyFn, createKeyAltFns }]) => {
        describe(name, () => {
            let testIssuers;
@@ -82,7 +79,6 @@ describe('client.auto', () => {
            let testSanCertificate;
            let testWildcardCertificate;
            /**
             * Fixtures
             */
@@ -103,7 +99,6 @@ describe('client.auto', () => {
                });
            });
            /**
             * Initialize client
             */
@@ -111,31 +106,30 @@ describe('client.auto', () => {
            it('should initialize client', async () => {
                testClient = new acme.Client({
                    ...clientOpts,
-                    accountKey: await createKeyFn()
+                    accountKey: await createKeyFn(),
                });
            });
            /**
             * Invalid challenge response
             */
            it('should throw on invalid challenge response', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());
                await assert.isRejected(testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeNoopFn,
-                    challengeRemoveFn: cts.challengeNoopFn
+                    challengeRemoveFn: cts.challengeNoopFn,
                }), /^authorization not found/i);
            });
            it('should throw on invalid challenge response with opts.skipChallengeVerification=true', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());
                await assert.isRejected(testClient.auto({
@@ -143,38 +137,37 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    skipChallengeVerification: true,
                    challengeCreateFn: cts.challengeNoopFn,
-                    challengeRemoveFn: cts.challengeNoopFn
+                    challengeRemoveFn: cts.challengeNoopFn,
                }));
            });
            /**
             * Challenge function exceptions
             */
            it('should throw on challengeCreate exception', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());
                await assert.isRejected(testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeThrowFn,
-                    challengeRemoveFn: cts.challengeNoopFn
+                    challengeRemoveFn: cts.challengeNoopFn,
                }), /^oops$/);
            });
            it('should not throw on challengeRemove exception', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());
                const cert = await testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeThrowFn
+                    challengeRemoveFn: cts.challengeThrowFn,
                });
                assert.isString(cert);
@@ -188,8 +181,8 @@ describe('client.auto', () => {
                        `${uuid()}.${domainName}`,
                        `${uuid()}.${domainName}`,
                        `${uuid()}.${domainName}`,
-                        `${uuid()}.${domainName}`
+                        `${uuid()}.${domainName}`,
-                    ]
+                    ],
                }, await createKeyFn());
                await assert.isRejected(testClient.auto({
@@ -205,28 +198,27 @@ describe('client.auto', () => {
                        results.push(true);
                        return cts.challengeCreateFn(...args);
                    },
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                }));
                assert.strictEqual(results.length, 5);
                assert.deepStrictEqual(results, [false, false, false, true, true]);
            });
            /**
             * Order certificates
             */
            it('should order certificate', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testDomain
+                    commonName: testDomain,
                }, await createKeyFn());
                const cert = await testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });
                assert.isString(cert);
@@ -235,7 +227,7 @@ describe('client.auto', () => {
            it('should order certificate using http-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testHttpDomain
+                    commonName: testHttpDomain,
                }, await createKeyFn());
                const cert = await testClient.auto({
@@ -243,7 +235,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.assertHttpChallengeCreateFn,
                    challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['http-01']
+                    challengePriority: ['http-01'],
                });
                assert.isString(cert);
@@ -251,7 +243,7 @@ describe('client.auto', () => {
            it('should order certificate using https-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testHttpsDomain
+                    commonName: testHttpsDomain,
                }, await createKeyFn());
                const cert = await testClient.auto({
@@ -259,7 +251,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.assertHttpsChallengeCreateFn,
                    challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['http-01']
+                    challengePriority: ['http-01'],
                });
                assert.isString(cert);
@@ -267,7 +259,7 @@ describe('client.auto', () => {
            it('should order certificate using dns-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testDnsDomain
+                    commonName: testDnsDomain,
                }, await createKeyFn());
                const cert = await testClient.auto({
@@ -275,7 +267,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.assertDnsChallengeCreateFn,
                    challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['dns-01']
+                    challengePriority: ['dns-01'],
                });
                assert.isString(cert);
@@ -283,7 +275,7 @@ describe('client.auto', () => {
            it('should order certificate using tls-alpn-01', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testAlpnDomain
+                    commonName: testAlpnDomain,
                }, await createKeyFn());
                const cert = await testClient.auto({
@@ -291,7 +283,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.assertTlsAlpnChallengeCreateFn,
                    challengeRemoveFn: cts.challengeRemoveFn,
-                    challengePriority: ['tls-alpn-01']
+                    challengePriority: ['tls-alpn-01'],
                });
                assert.isString(cert);
@@ -299,15 +291,14 @@ describe('client.auto', () => {
            it('should order san certificate', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testSanDomains[0],
+                    altNames: testSanDomains,
                    altNames: testSanDomains
                }, await createKeyFn());
                const cert = await testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });
                assert.isString(cert);
@@ -316,15 +307,14 @@ describe('client.auto', () => {
            it('should order wildcard certificate', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: testWildcardDomain,
+                    altNames: [testWildcardDomain, `*.${testWildcardDomain}`],
                    altNames: [`*.${testWildcardDomain}`]
                }, await createKeyFn());
                const cert = await testClient.auto({
                    csr,
                    termsOfServiceAgreed: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });
                assert.isString(cert);
@@ -333,7 +323,7 @@ describe('client.auto', () => {
            it('should order certificate with opts.skipChallengeVerification=true', async () => {
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());
                const cert = await testClient.auto({
@@ -341,7 +331,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    skipChallengeVerification: true,
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });
                assert.isString(cert);
@@ -354,7 +344,7 @@ describe('client.auto', () => {
                await Promise.all(testIssuers.map(async (issuer) => {
                    const [, csr] = await acme.crypto.createCsr({
-                        commonName: `${uuid()}.${domainName}`
+                        commonName: `${uuid()}.${domainName}`,
                    }, await createKeyFn());
                    const cert = await testClient.auto({
@@ -362,7 +352,7 @@ describe('client.auto', () => {
                        termsOfServiceAgreed: true,
                        preferredChain: issuer,
                        challengeCreateFn: cts.challengeCreateFn,
-                        challengeRemoveFn: cts.challengeRemoveFn
+                        challengeRemoveFn: cts.challengeRemoveFn,
                    });
                    const rootCert = acme.crypto.splitPemChain(cert).pop();
@@ -378,7 +368,7 @@ describe('client.auto', () => {
                }
                const [, csr] = await acme.crypto.createCsr({
-                    commonName: `${uuid()}.${domainName}`
+                    commonName: `${uuid()}.${domainName}`,
                }, await createKeyFn());
                const cert = await testClient.auto({
@@ -386,7 +376,7 @@ describe('client.auto', () => {
                    termsOfServiceAgreed: true,
                    preferredChain: uuid(),
                    challengeCreateFn: cts.challengeCreateFn,
-                    challengeRemoveFn: cts.challengeRemoveFn
+                    challengeRemoveFn: cts.challengeRemoveFn,
                });
                const rootCert = acme.crypto.splitPemChain(cert).pop();
@@ -395,7 +385,6 @@ describe('client.auto', () => {
                assert.strictEqual(testIssuers[0], info.issuer.commonName);
            });
            /**
             * Order certificate with alternate key sizes
             */
@@ -403,21 +392,20 @@ describe('client.auto', () => {
            Object.entries(createKeyAltFns).forEach(([k, altKeyFn]) => {
                it(`should order certificate with key=${k}`, async () => {
                    const [, csr] = await acme.crypto.createCsr({
-                        commonName: testDomain
+                        commonName: testDomain,
                    }, await altKeyFn());
                    const cert = await testClient.auto({
                        csr,
                        termsOfServiceAgreed: true,
                        challengeCreateFn: cts.challengeCreateFn,
-                        challengeRemoveFn: cts.challengeRemoveFn
+                        challengeRemoveFn: cts.challengeRemoveFn,
                    });
                    assert.isString(cert);
                });
            });
            /**
             * Read certificates
             */
@@ -426,7 +414,7 @@ describe('client.auto', () => {
                const info = acme.crypto.readCertificateInfo(testCertificate);
                spec.crypto.certificateInfo(info);
-                assert.strictEqual(info.domains.commonName, testDomain);
+                assert.isNull(info.domains.commonName);
                assert.deepStrictEqual(info.domains.altNames, [testDomain]);
            });
@@ -434,7 +422,7 @@ describe('client.auto', () => {
                const info = acme.crypto.readCertificateInfo(testSanCertificate);
                spec.crypto.certificateInfo(info);
-                assert.strictEqual(info.domains.commonName, testSanDomains[0]);
+                assert.isNull(info.domains.commonName);
                assert.deepStrictEqual(info.domains.altNames, testSanDomains);
            });
@@ -442,7 +430,7 @@ describe('client.auto', () => {
                const info = acme.crypto.readCertificateInfo(testWildcardCertificate);
                spec.crypto.certificateInfo(info);
-                assert.strictEqual(info.domains.commonName, testWildcardDomain);
+                assert.isNull(info.domains.commonName);
                assert.deepStrictEqual(info.domains.altNames, [testWildcardDomain, `*.${testWildcardDomain}`]);
            });
        });
--- a/packages/core/acme-client/test/challtestsrv.js
+++ b/packages/core/acme-client/test/challtestsrv.js
@@ -8,7 +8,6 @@ const axios = require('./../src/axios');
 const apiBaseUrl = process.env.ACME_CHALLTESTSRV_URL || null;
 const httpsPort = axios.defaults.acmeSettings.httpsChallengePort || 443;
 /**
 * Send request
 */
@@ -21,20 +20,18 @@ async function request(apiPath, data = {}) {
    await axios.request({
        url: `${apiBaseUrl}/${apiPath}`,
        method: 'post',
-        data
+        data,
    });
    return true;
 }
 /**
 * State
 */
 exports.isEnabled = () => !!apiBaseUrl;
 /**
 * DNS
 */
@@ -42,7 +39,6 @@ exports.isEnabled = () => !!apiBaseUrl;
 exports.addDnsARecord = async (host, addresses) => request('add-a', { host, addresses });
 exports.setDnsCnameRecord = async (host, target) => request('set-cname', { host, target });
 /**
 * Challenge response
 */
@@ -55,7 +51,7 @@ async function addHttps01ChallengeResponse(token, content, targetHostname) {
    await addHttp01ChallengeResponse(token, content);
    return request('add-redirect', {
        path: `/.well-known/acme-challenge/${token}`,
-        targetURL: `https://${targetHostname}:${httpsPort}/.well-known/acme-challenge/${token}`
+        targetURL: `https://${targetHostname}:${httpsPort}/.well-known/acme-challenge/${token}`,
    });
 }
@@ -72,7 +68,6 @@ exports.addHttps01ChallengeResponse = addHttps01ChallengeResponse;
 exports.addDns01ChallengeResponse = addDns01ChallengeResponse;
 exports.addTlsAlpn01ChallengeResponse = addTlsAlpn01ChallengeResponse;
 /**
 * Challenge response mock functions
 */
--- a/packages/core/acme-client/test/fixtures/letsencrypt.crt
+++ b/packages/core/acme-client/test/fixtures/letsencrypt.crt
@@ -0,0 +1,23 @@
 -----BEGIN CERTIFICATE-----
 MIIDzzCCA1WgAwIBAgISA0ghDoSv5DpT3Pd3lqwjbVDDMAoGCCqGSM49BAMDMDIx
 CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
 NjAeFw0yNDA2MTAxNzEyMjZaFw0yNDA5MDgxNzEyMjVaMBQxEjAQBgNVBAMTCWxl
 bmNyLm9yZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEHJ3DjN7pYV3mftHzaP
 V/WI0RhOJnSI5AIFEPFHDi8UowOINRGIfm9FHGIDqrb4Rmyvr9JrrqBdFGDen8BW
 6OGjggJnMIICYzAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
 CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFIdCTnxqmpOELDyzPaEM
 seB36lUOMB8GA1UdIwQYMBaAFJMnRpgDqVFojpjWxEJI2yO/WJTSMFUGCCsGAQUF
 BwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2Lm8ubGVuY3Iub3JnMCIGCCsG
 AQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMG8GA1UdEQRoMGaCCWxlbmNy
 Lm9yZ4IPbGV0c2VuY3J5cHQuY29tgg9sZXRzZW5jcnlwdC5vcmeCDXd3dy5sZW5j
 ci5vcmeCE3d3dy5sZXRzZW5jcnlwdC5jb22CE3d3dy5sZXRzZW5jcnlwdC5vcmcw
 EwYDVR0gBAwwCjAIBgZngQwBAgEwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgA/
 F0tP1yJHWJQdZRyEvg0S7ZA3fx+FauvBvyiF7PhkbgAAAZADWfneAAAEAwBHMEUC
 IGlp+dPU2hLT2suTMYkYMlt/xbzSnKLZDA/wYSsPACP7AiEAxbAzx6mkzn0cs0hh
 ti6sLf0pcbmDhxHdlJRjuo6SQZEAdwDf4VbrqgWvtZwPhnGNqMAyTq5W2W6n9aVq
 AdHBO75SXAAAAZADWfqrAAAEAwBIMEYCIQCrAmDUrlX3oGhri1qCIb65Cuf8h2GR
 LC1VfXBenX7dCAIhALXwbhCQ1vO1WLv4CqyihMHOwFaICYqN/N6ylaBlVAM4MAoG
 CCqGSM49BAMDA2gAMGUCMFdgjOXGl+hE2ABDsAeuNq8wi34yTMUHk0KMTOjRAfy9
 rOCGQqvP0myoYlyzXOH9uQIxAMdkG1ZWBZS1dHavbPf1I/MjYpzX6gy0jVHIXXu5
 aYWylBi/Uf2RPj0LWFZh8tNa1Q==
 -----END CERTIFICATE-----
--- a/packages/core/acme-client/test/get-cert-issuers.js
+++ b/packages/core/acme-client/test/get-cert-issuers.js
@@ -7,7 +7,6 @@ const util = require('./../src/util');
 const pebbleManagementUrl = process.env.ACME_PEBBLE_MANAGEMENT_URL || null;
 /**
 * Pebble
 */
@@ -26,7 +25,6 @@ async function getPebbleCertIssuers() {
    return info.map((i) => i.issuer.commonName);
 }
 /**
 * Get certificate issuers
 */
--- a/packages/core/acme-client/test/setup.js
+++ b/packages/core/acme-client/test/setup.js
@@ -7,14 +7,12 @@ const chai = require('chai');
 const chaiAsPromised = require('chai-as-promised');
 const axios = require('./../src/axios');
 /**
 * Add promise support to Chai
 */
 chai.use(chaiAsPromised);
 /**
 * Challenge test server ports
 */
@@ -31,6 +29,12 @@ if (process.env.ACME_TLSALPN_PORT) {
    axios.defaults.acmeSettings.tlsAlpnChallengePort = process.env.ACME_TLSALPN_PORT;
 }
 /**
 * Greatly reduce retry duration while testing
 */
 axios.defaults.acmeSettings.retryMaxAttempts = 3;
 axios.defaults.acmeSettings.retryDefaultDelay = 1;
 /**
 * External account binding
--- a/packages/core/acme-client/test/spec.js
+++ b/packages/core/acme-client/test/spec.js
@@ -7,7 +7,6 @@ const { assert } = require('chai');
 const spec = {};
 module.exports = spec;
 /**
 * ACME
 */
@@ -120,7 +119,6 @@ spec.rfc8555.challenge = (obj) => {
    }
 };
 /**
 * Crypto
 */
@@ -150,7 +148,6 @@ spec.crypto.certificateInfo = (obj) => {
    assert.strictEqual(Object.prototype.toString.call(obj.notAfter), '[object Date]');
 };
 /**
 * JWK
 */
--- a/packages/core/acme-client/types/index.d.ts
+++ b/packages/core/acme-client/types/index.d.ts
@@ -15,7 +15,6 @@ export type PublicKeyString = string;
 export type CertificateString = string;
 export type CsrString = string;
 /**
 * Augmented ACME interfaces
 */
@@ -28,7 +27,6 @@ export interface Authorization extends rfc8555.Authorization {
    url: string;
 }
 /**
 * Client
 */
@@ -80,7 +78,6 @@ export class Client {
    auto(opts: ClientAutoOptions): Promise<string>;
 }
 /**
 * Directory URLs
 */
@@ -90,6 +87,10 @@ export const directory: {
        staging: string,
        production: string
    },
    google: {
        staging: string,
        production: string
    },
    letsencrypt: {
        staging: string,
        production: string
@@ -99,7 +100,6 @@ export const directory: {
    }
 };
 /**
 * Crypto
 */
@@ -177,14 +177,12 @@ export interface CryptoLegacyInterface {
 export const forge: CryptoLegacyInterface;
 /**
 * Axios
 */
 export const axios: AxiosInstance;
 /**
 * Logger
 */
--- a/packages/core/acme-client/types/index.test-d.ts
+++ b/packages/core/acme-client/types/index.test-d.ts
@@ -4,7 +4,6 @@
 import * as acme from 'acme-client';
 (async () => {
    /* Client */
    const accountKey = await acme.crypto.createPrivateKey();
--- a/packages/core/acme-client/types/rfc8555.d.ts
+++ b/packages/core/acme-client/types/rfc8555.d.ts
@@ -27,7 +27,6 @@ export interface AccountUpdateRequest {
    termsOfServiceAgreed?: boolean;
 }
 /**
 * Order
 *
@@ -53,7 +52,6 @@ export interface OrderCreateRequest {
    notAfter?: string;
 }
 /**
 * Authorization
 *
@@ -73,7 +71,6 @@ export interface Identifier {
    value: string;
 }
 /**
 * Challenge
 *
@@ -102,7 +99,6 @@ export interface DnsChallenge extends ChallengeAbstract {
 export type Challenge = HttpChallenge | DnsChallenge;
 /**
 * Certificate
 *
Author	SHA1	Message	Date
GitHub Actions Bot	e5edfbfa6d	🔱: [acme] sync upgrade with 6 commits [trident-sync] Bump v5.4.0 Bump dependencies Retry HTTP requests on server errors or when rate limited Forgot to refresh directory timestamp after successful get Add utility method tests	2024-07-16 19:24:08 +00:00
GitHub Actions Bot	86e64af35c	🔱: [acme] sync upgrade with 5 commits [trident-sync] Temp remove Node v22 from matrix, broke CNAME tests Invalidate ACME directory cache after 24 hours Directory URLs for Google ACME provider Bump Pebble v2.6.0	2024-07-15 19:24:17 +00:00
GitHub Actions Bot	162e10909b	🔱: [acme] sync upgrade with 7 commits [trident-sync] Small crypto docs fix 2 Small crypto docs fix Bump v5.3.1 Discourage use of cert subject common name, examples and docs Style refactor docs and examples Bump dependencies	2024-05-23 19:24:12 +00:00
GitHub Actions Bot	0f1ae6ccd9	🔱: [acme] sync upgrade with 3 commits [trident-sync] Clean up eslintrc, style refactor and formatting fixes Update auto.js see https://github.com/publishlab/node-acme-client/issues/88#issuecomment-2105255828	2024-05-22 19:24:07 +00:00
GitHub Actions Bot	c9d5cda953	🔱: [acme] sync upgrade with 7 commits [trident-sync] Add Node v22 to test matrix Postpone Pebble bump, v2.5.1 broke EAB tests Bump Pebble v2.5.1 Allow client.auto() being called with an empty CSR common name Carry EAB over to new HttpClient when updating account key Ignore actrc	2024-05-21 19:24:05 +00:00