support async finalize order

acme.sh

@@ -3075,6 +3075,7 @@ _on_before_issue() {
       _info "Standalone mode."
       if [ -z "$Le_HTTPPort" ]; then
         Le_HTTPPort=80
+        _cleardomainconf "Le_HTTPPort"
       else
         _savedomainconf "Le_HTTPPort" "$Le_HTTPPort"
       fi
@@ -4218,39 +4219,66 @@ $_authorizations_map"
   der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)"
 
   if [ "$ACME_VERSION" = "2" ]; then
+    _info "Lets finalize the order, Le_OrderFinalize: $Le_OrderFinalize"
+    if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then
+      _err "Sign failed."
+      _on_issue_err "$_post_hook"
+      return 1
+    fi
+    if [ "$code" != "200" ]; then
+      _err "Sign failed, finalize code is not 200."
+      _err "$response"
+      _on_issue_err "$_post_hook"
+      return 1
+    fi
+    Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n" | cut -d " " -f 2)"
+    if [ -z "$Le_LinkOrder" ]; then
+      _err "Sign error, can not get order link location header"
+      _err "responseHeaders" "$responseHeaders"
+      _on_issue_err "$_post_hook"
+      return 1
+    fi
+    _savedomainconf "Le_LinkOrder" "$Le_LinkOrder"
+
     _link_cert_retry=0
     _MAX_CERT_RETRY=5
-    while [ "$_link_cert_retry" -lt "$_MAX_CERT_RETRY" ]; do
-      if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then
-        _err "Sign failed."
+    while [ -z "$Le_LinkCert" ] && [ "$_link_cert_retry" -lt "$_MAX_CERT_RETRY" ]; do
+      if _contains "$response" "\"status\":\"valid\""; then
+        _debug "Order status is valid."
+        Le_LinkCert="$(echo "$response" | tr -d '\r\n' | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)"
+        _debug Le_LinkCert "$Le_LinkCert"
+        if [ -z "$Le_LinkCert" ]; then
+          _err "Sign error, can not find Le_LinkCert"
+          _err "$response"
+          _on_issue_err "$_post_hook"
+          return 1
+        fi
+        break
+      elif _contains "$response" "\"processing\""; then
+        _info "Order status is processing, lets sleep and retry."
+        _sleep 2
+      else
+        _err "Sign error, wrong status"
+        _err "$response"
         _on_issue_err "$_post_hook"
         return 1
       fi
-      if [ "$code" != "200" ]; then
-        _err "Sign failed, code is not 200."
+      if ! _send_signed_request "$Le_LinkOrder"; then
+        _err "Sign failed, can not post to Le_LinkOrder cert:$Le_LinkOrder."
         _err "$response"
         _on_issue_err "$_post_hook"
         return 1
       fi
-      Le_LinkCert="$(echo "$response" | tr -d '\r\n' | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)"
-      _debug Le_LinkCert "$Le_LinkCert"
-      _tempSignedResponse="$response"
-      if [ -z "$Le_LinkCert" ]; then
-        if ! _contains "$response" "\"processing\""; then
-          _err "Sign error, wrong status"
-          _err "$response"
-        fi
-      fi
-      if [ "$Le_LinkCert" ]; then
-        break;
-      fi
       _link_cert_retry="$(_math $_link_cert_retry + 1)"
-      _sleep 5
     done
+
     if [ -z "$Le_LinkCert" ]; then
-      _err "Sign failed, can not get Le_LinkCert."
+      _err "Sign failed, can not get Le_LinkCert, retry time limit."
       _err "$response"
+      _on_issue_err "$_post_hook"
+      return 1
     fi
+    _info "Download cert, Le_LinkCert: $Le_LinkCert"
     if ! _send_signed_request "$Le_LinkCert"; then
       _err "Sign failed, can not download cert:$Le_LinkCert."
       _err "$response"
@@ -4269,7 +4297,7 @@ $_authorizations_map"
       _end_n="$(_math $_end_n + 1)"
       sed -n "${_end_n},9999p" "$CERT_FULLCHAIN_PATH" >"$CA_CERT_PATH"
     fi
-    response="$_tempSignedResponse"
+
   else
     if ! _send_signed_request "${ACME_NEW_ORDER}" "{\"resource\": \"$ACME_NEW_ORDER_RES\", \"csr\": \"$der\"}" "needbase64"; then
       _err "Sign failed. $response"