We modified the backend to use a more robust approach.
At backend, the RA (Registration Authority) has an IMAP client listening permanently for incoming emails in our IMAP account, where the challenge responses are received. When a user replies an Email Challenge, the response is received and processed by this client to decide whether the challenge response is valid. To guarantee an efficiency and the minimum workload, the client is not listening and asking for new mails all the time. Instead, we use the approach of subscriber push/pull, where the server notifies our client that a new challenge response has arrived.
However, sometimes the server did not respond on due time, causing multiple timeouts and, at the end, making not possible S/MIME certificate issuance to final users. Fortunately, we shifted our client to sleep/wake approach when a new event is triggered. Then, the client is awake to process that event and, if necessary, to process the challenge response and notify the CA to issue a new S/MIME certificate.
The new approach can be tested using the ACME Email Client.
