acme_certificate: be nicer to non-compliant CAs (#832)

* Be nicer to non-compliant CAs.

* Mark as a feature, not a bugfix.

changelogs/fragments/832-acme-challenges.yml

@@ -0,0 +1,3 @@
+minor_changes:
+  - "acme_certificate - add compatibility for ACME CAs that are not fully RFC8555 compliant and do not provide ``challenges`` in authz objects
+    (https://github.com/ansible-collections/community.crypto/issues/824, https://github.com/ansible-collections/community.crypto/pull/832)."

plugins/module_utils/acme/challenges.py

@@ -141,7 +141,12 @@ class Authorization(object):
     def _setup(self, client, data):
         data['uri'] = self.url
         self.data = data
-        self.challenges = [Challenge.from_json(client, challenge) for challenge in data['challenges']]
+        # While 'challenges' is a required field, apparently not every CA cares
+        # (https://github.com/ansible-collections/community.crypto/issues/824)
+        if data.get('challenges'):
+            self.challenges = [Challenge.from_json(client, challenge) for challenge in data['challenges']]
+        else:
+            self.challenges = []
         if client.version == 1 and 'status' not in data:
             # https://tools.ietf.org/html/draft-ietf-acme-acme-02#section-6.1.2
             # "status (required, string): ...