x/crypto/acme/autocert: TestGetCertificate failure with “multiple accounts are not implemented”

[bcmills]

--- FAIL: TestGetCertificate (1.12s)
    --- FAIL: TestGetCertificate/provideExternalAuth (0.02s)
        ca.go:269: GET /
        ca.go:269: GET /
        ca.go:269: POST /new-account
        ca.go:269: POST /new-order
        ca.go:269: POST /authz/0
        ca.go:269: POST /challenge/tls-alpn-01/0
        ca.go:606: validated "tls-alpn-01" for "example.org", err: <nil>
        ca.go:607: authz 0 is now valid
        ca.go:631: order 0 is now ready
        ca.go:269: POST /authz/0
        ca.go:269: POST /orders/0
        ca.go:269: POST /new-account
        ca.go:204: multiple accounts are not implemented
        ca.go:269: POST /new-cert/0
        ca.go:269: POST /issued-cert/0
FAIL
exitcode=1
FAIL	golang.org/x/crypto/acme/autocert	45.963s

greplogs --dashboard -md -l -e 'FAIL: TestGetCertificate ' --since=2022-01-01

2022-04-21T22:10:49-7b82a4e-bb004a1/android-amd64-emu

Leaving in the backlog since this is the first failure I've seen with this mode and it's not on a first-class port.

However, it's not entirely clear to me what even failed here — @golang/security, it might be worth improving the test to produce more useful test failures in case this recurs.

[bcmills]

This failure does not appear to be platform-specific:
greplogs --dashboard -md -l -e 'FAIL: TestGetCertificate ' --since=2022-01-01
2022-09-14T11:32:35-c86fa9a-585c438/dragonfly-amd64-622
2022-08-26T15:24:31-5757bc0-1211a62/windows-arm64-11
2022-04-21T22:10:49-7b82a4e-bb004a1/android-amd64-emu

[bcmills]

@golang/security, could someone on your team either fix this test, or add a skip for this failure mode if it is not a priority to fix?

[rolandshoemaker]

The entire end-to-end acme/autocert test suite has turned out to be rather flakey, and extremely hard to diagnose, as evidenced by seemingly three different failure modes exhibited in the above logs.

I want to sit down and do a significant rewrite of this test suite, but that's going to take a non-insignificant amount of time. I'm not entirely sure what we should do until then. I don't think we can really narrow when to skip down to narrowly excise these particular failures, because we're not entirely sure what is causing them (and there isn't one distinct failure to skip). I guess we could just skip the entire end-to-end test suite, but that also seems not ideal, so I'm somewhat conflicted.

[rolandshoemaker]

In typical fashion after staring at this problem long enough I might see a root cause, although I'm still not entirely sure how to fix it.

[gopherbot]

Change https://go.dev/cl/433016 mentions this issue: acme/autocert: fix renewal timer issue