From cb37738a6d96c997be7c1f79b6a338aa4fcd3f02 Mon Sep 17 00:00:00 2001
From: Fang-Pen Lin <hello@fangpenlin.com>
Date: Wed, 10 Dec 2025 16:50:15 -0800
Subject: [PATCH] Try to fix skip challenge

---
 .../ee/services/pki-acme/pki-acme-service.ts  | 22 ++++++++++---------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/backend/src/ee/services/pki-acme/pki-acme-service.ts b/backend/src/ee/services/pki-acme/pki-acme-service.ts
index f34f489093..b3ed7b5339 100644
--- a/backend/src/ee/services/pki-acme/pki-acme-service.ts
+++ b/backend/src/ee/services/pki-acme/pki-acme-service.ts
@@ -613,7 +613,7 @@ export const pkiAcmeServiceFactory = ({
           const auth = await acmeAuthDAL.create(
             {
               accountId: account.id,
-              status: AcmeAuthStatus.Pending,
+              status: skipDnsOwnershipVerification ? AcmeAuthStatus.Valid : AcmeAuthStatus.Pending,
               identifierType: identifier.type,
               identifierValue: identifier.value,
               // RFC 8555 suggests a token with at least 128 bits of entropy
@@ -625,15 +625,17 @@ export const pkiAcmeServiceFactory = ({
             },
             tx
           );
-          // TODO: support other challenge types here. Currently only HTTP-01 is supported.
-          await acmeChallengeDAL.create(
-            {
-              authId: auth.id,
-              status: skipDnsOwnershipVerification ? AcmeChallengeStatus.Valid : AcmeChallengeStatus.Pending,
-              type: AcmeChallengeType.HTTP_01
-            },
-            tx
-          );
+          if (!skipDnsOwnershipVerification) {
+            // TODO: support other challenge types here. Currently only HTTP-01 is supported.
+            await acmeChallengeDAL.create(
+              {
+                authId: auth.id,
+                status: AcmeChallengeStatus.Pending,
+                type: AcmeChallengeType.HTTP_01
+              },
+              tx
+            );
+          }
           return auth;
         })
       );