From 2afa9f4697d68973edde30cbea3b33d09c95ef64 Mon Sep 17 00:00:00 2001
From: Shiloh Heurich <sheurich@fastly.com>
Date: Mon, 5 Feb 2024 18:18:12 -0500
Subject: [PATCH] fix: validation label as leaf of _acme-challenge

---
 va/va.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/va/va.go b/va/va.go
index 909d8164..82fd1a40 100644
--- a/va/va.go
+++ b/va/va.go
@@ -346,11 +346,11 @@ func (va VAImpl) validateDNS01(task *vaTask) *core.ValidationRecord {
 }
 
 func (va VAImpl) validateDNSACCOUNT01(task *vaTask) *core.ValidationRecord {
-	const dnsacc01Prefix = "_acme-challenge_"
+	const dnsacct01Prefix = "_acme-challenge"
 	hash := sha256.Sum256([]byte(task.AcctURL))
 	urlhash := strings.ToLower(base32.StdEncoding.EncodeToString(hash[0:10]))
 	//its 0 to 9th byte include both 0th and 9th so we end 10 here
-	challengeSubdomain := fmt.Sprintf("%s%s.%s", dnsacc01Prefix, urlhash, task.Identifier.Value)
+	challengeSubdomain := fmt.Sprintf("_%s.%s.%s", urlhash, dnsacct01Prefix, task.Identifier.Value)
 
 	result := &core.ValidationRecord{
 		URL:         challengeSubdomain,