diff --git a/lib/acme.js b/lib/acme.js
index 5bb6da6..87668c4 100644
--- a/lib/acme.js
+++ b/lib/acme.js
@@ -284,10 +284,6 @@ ACME._testChallengeOptions = function () {
   ];
 };
 ACME._testChallenges = function (me, options) {
-  if (me.skipChallengeTest) {
-    return Promise.resolve();
-  }
-
   var CHECK_DELAY = 0;
   return Promise.all(options.domains.map(function (identifierValue) {
     // TODO we really only need one to pass, not all to pass
@@ -307,6 +303,12 @@ ACME._testChallenges = function (me, options) {
           + " You must enable one of ( " + suitable + " )."
       ));
     }
+
+    // TODO remove skipChallengeTest
+    if (me.skipDryRun || me.skipChallengeTest) {
+      return null;
+    }
+
     if ('dns-01' === challenge.type) {
       // Give the nameservers a moment to propagate
       CHECK_DELAY = 1.5 * 1000;
@@ -327,12 +329,15 @@ ACME._testChallenges = function (me, options) {
       // (and protecting against challenge failure rate limits)
       var dryrun = true;
       return ACME._challengeToAuth(me, options, results, challenge, dryrun).then(function (auth) {
+        if (!me._canUse[auth.type]) { return; }
         return ACME._setChallenge(me, options, auth).then(function () {
           return auth;
         });
       });
     });
   })).then(function (auths) {
+    auths = auths.filter(Boolean);
+    if (!auths.length) { /*skip actual test*/ return; }
     return ACME._wait(CHECK_DELAY).then(function () {
       return Promise.all(auths.map(function (auth) {
         return ACME.challengeTests[auth.type](me, auth).then(function (result) {
@@ -712,6 +717,7 @@ ACME._getCertificate = function (me, options) {
     }).then(function (resp) {
       var location = resp.headers.location;
       var setAuths;
+      var validAuths = [];
       var auths = [];
       if (me.debug) { console.debug('[ordered]', location); } // the account id url
       if (me.debug) { console.debug(resp); }
@@ -756,16 +762,32 @@ ACME._getCertificate = function (me, options) {
         });
       }
 
-      function challengeNext() {
+      function checkNext() {
         var auth = auths.shift();
         if (!auth) { return; }
+
+        if (!me._canUse[auth.type] || me.skipChallengeTest) {
+          // not so much "valid" as "not invalid"
+          // but in this case we can't confirm either way
+          validAuths.push(auth);
+          return Promise.resolve();
+        }
+
+        return ACME.challengeTests[auth.type](me, auth).then(function () {
+          validAuths.push(auth);
+        }).then(checkNext);
+      }
+
+      function challengeNext() {
+        var auth = validAuths.shift();
+        if (!auth) { return; }
         return ACME._postChallenge(me, options, auth).then(challengeNext);
       }
 
       // First we set every challenge
       // Then we ask for each challenge to be checked
       // Doing otherwise would potentially cause us to poison our own DNS cache with misses
-      return setNext().then(challengeNext).then(function () {
+      return setNext().then(checkNext).then(challengeNext).then(function () {
         if (me.debug) { console.debug("[getCertificate] next.then"); }
         var validatedDomains = body.identifiers.map(function (ident) {
           return ident.value;
@@ -809,6 +831,7 @@ ACME.create = function create(me) {
   me.challengePrefixes = ACME.challengePrefixes;
   me.Keypairs = me.Keypairs || me.RSA || require('rsa-compat').RSA;
   me._nonces = [];
+  me._canCheck = {};
   if (!me._baseUrl) {
     me._baseUrl = "";
   }
@@ -848,8 +871,8 @@ ACME.create = function create(me) {
     if (!me.skipChallengeTest) {
       p = me.request({ url: me._baseUrl + "/api/_acme_api_/" }).then(function (resp) {
         if (resp.body.success) {
-          me._canCheckHttp01 = true;
-          me._canCheckDns01 = true;
+          me._canCheck['http-01'] = true;
+          me._canCheck['dns-01'] = true;
         }
       }).catch(function () {
         // ignore