Title: #5119: Require an ipa-ca SAN on 3rd party certs if ACME is enabled
Require an ipa-ca SAN on 3rd party certs if ACME is enabled
ACME requires an ipa-ca SAN to have a fixed URL to connect to.
If the Apache certificate is replaced by a 3rd party cert then
it must provide this SAN otherwise it will break ACME.
Add a status option to ipa-acme-manage.
Marking as ipa-next since I'm not sure yet if ACME is going to be backported to ipa-4-8.
To pull the PR as a Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5119/head:pr5119
git checkout pr5119
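
A pre-flight check for the requirement described above, as an added example that is not code from this PR or from FreeIPA: it uses `openssl` to confirm that a replacement Apache certificate lists `ipa-ca.<domain>` as a DNS SAN. The function names, the domain `example.test`, and the choice to accept only an exact (case-insensitive) match and not a wildcard entry are assumptions.

```shell
#!/bin/sh
# Added example, not FreeIPA code. Run it before installing a third-party
# Apache certificate on a deployment where ACME is enabled.

# san_covers HOST
# Reads the output of `openssl x509 -noout -ext subjectAltName` on stdin and
# succeeds only if a DNS entry equals HOST (case-insensitive).
# Assumption: a wildcard entry such as DNS:*.example.test is not counted,
# because the page asks for the ipa-ca SAN itself.
san_covers() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    tr ',' '\n' |                                   # one SAN entry per line
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        tr '[:upper:]' '[:lower:]' |
        grep -Fx -e "dns:$want" >/dev/null           # whole-line, literal match
}

# check_cert CERT.pem DOMAIN
# Succeeds if CERT.pem carries DNS:ipa-ca.DOMAIN. A certificate without any
# SAN extension produces no output from openssl and therefore fails.
# Needs OpenSSL 1.1.1 or later for the -ext option.
check_cert() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        san_covers "ipa-ca.$2"
}

# Command-line use: ./check-ipa-ca-san.sh server.pem example.test
if [ "$#" -eq 2 ]; then
    if check_cert "$1" "$2"; then
        echo "OK: $1 lists ipa-ca.$2 as a DNS SAN"
    else
        echo "MISSING: $1 has no DNS SAN for ipa-ca.$2" >&2
        exit 1
    fi
fi
```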