From aab54da9a275a9b818193bd3711d182adbdb6413 Mon Sep 17 00:00:00 2001
From: seph <github@directionless.org>
Date: Thu, 24 Oct 2019 18:28:26 -0400
Subject: [PATCH] Don't deactivate valid authorizations (#996)

---
 certificate/authorization.go | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/certificate/authorization.go b/certificate/authorization.go
index 7721149d..f93413f0 100644
--- a/certificate/authorization.go
+++ b/certificate/authorization.go
@@ -61,9 +61,21 @@ func (c *Certifier) getAuthorizations(order acme.ExtendedOrder) ([]acme.Authoriz
 }
 
 func (c *Certifier) deactivateAuthorizations(order acme.ExtendedOrder) {
-	for _, auth := range order.Authorizations {
-		if c.core.Authorizations.Deactivate(auth) != nil {
-			log.Infof("Unable to deactivate the authorization: %s", auth)
+	for _, authzURL := range order.Authorizations {
+		auth, err := c.core.Authorizations.Get(authzURL)
+		if err != nil {
+			log.Infof("Unable to get the authorization for: %s", authzURL)
+			continue
+		}
+
+		if auth.Status == acme.StatusValid {
+			log.Infof("Skipping deactivating of valid auth: %s", authzURL)
+			continue
+		}
+
+		log.Infof("Deactivating auth: %s", authzURL)
+		if c.core.Authorizations.Deactivate(authzURL) != nil {
+			log.Infof("Unable to deactivate the authorization: %s", authzURL)
 		}
 	}
 }