-
This asynchronous flow has always been specified in RFC8555
[https://datatracker.ietf.org/doc/html/rfc8555#:~:text=A%20request%20to%20finalize%20an%20order%20will%20result%20in%20error,to%20the%20%2…
-
According to RFC8555 there are the options
- sign message with a different account having matching authorizations for the requested certificate
- sign the request with the certificates private key…
-
Section 8.2 of the ACME spec details exactly how client and server retry should be handled during a challenge validation. We should implement this part of the spec. Namely, retry state needs to be inc…
-
So right now our code for both DNS and HTTP DCV checks expect the challenge presented to exactly match the page or DNS record fetched from the target domain. Some feedback has been that this is potent…
-
### Proposal Details
The current RFC 8555, section 7.5.1 "Responding to Challenges" (https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1) states that the client should send an empty JSON body…
-
The script incorrectly waits for HTTP status code 403 instead of 401. (See: https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.6)
The error is found in line 3412 ` elif [ "$code" = "403" ]…
-
An `Undefined array key "certificate"` got thrown when I want to retrieve the certificate. The HTTP selftest and authorization succeeded. Did someone else had a similar issue so far?
```php
$cert…
xolf updated
2 months ago
-
similarities between the two, that should be mentioned
https://datatracker.ietf.org/doc/html/rfc8555#section-7.2
it also brings under discussion the benefit of using HTTP HEAD instead of GET
-
IMHO it would be a nice and useful feature for this role to support [RFC8555](https://www.rfc-editor.org/rfc/rfc8555)-compliant CAs like Let's Encrypt.
With this feature users who don't have a Free…
-
Some CAs may require it to map an account key to some internal account.
Implementation is described in RFC8555#7.3.4 and should be done for API v2.