acme

The OAuth2Client library has been deprecated by Google since 2018, and there is a replacement library google-auth.

https://github.com/certbot/certbot/blob/8b610239bfcf7aac06f6e36d09a5abba3ba87047/certbot-dns-google/certbot_dns_google/_internal/dns_google.py#L8

The recommendation is to set Cache-Control: private, no-store on any endpoint with sensitive information. Because while you can protect the traffic with TLS, you also need to keep sensitive information out of a client's (unencrypted) HTTP cache. I'm not sure how relevant this is to the API context of step-ca though—I've never seen an HTTP client library that caches content. But I guess the poi

Beyonce said it best. If you like it then you shoulda put a test on it. Scenarios I like:

• Cert is created with right DN
• Cert is stored to X509Store after creation
• Cert request is not resubmitted
• Handles failures gracefully
• HTTP challenge/response works as expected
• Certificate renewal when cert is about to expiration

As @rjkroege mentioned in rjkroege/edwood#288 tokenizing the results of the getarg function would allow for more robust parsing of the given arguments.