rejectedIdentifier: Better diagnosis

[fubar-coder]

Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

I had the problem that Step CA returned a urn:ietf:params:acme:error:rejectedIdentifier and the only error I got was The server will not issue certificates for the identifier. No further information was available and setting STEPDEBUG to 1 didn't log further information. My problem with this error was, that - even though Step CA returned the identifier to the client (Posh-ACME), Step-CA didn't even try to request the verification file for http-01 method.

I propose that the project returns much better (detailed) information when rejectedIdentifier gets returned.

Why is this needed?

It'd help with problem diagnosis - especially when working with Posh-ACME.