aarongable / draft-acme-ari

Internet Draft for the Automated Certificate Management Environment (ACME) Renewal Information (ARI) Extension

Construct renewalInfo URLs from directory+fingerprint #2

Closed aarongable closed 2 years ago

aarongable commented 2 years ago

Instead of providing renewalInfo URLs inside order objects, requiring the ACME client to persist the URL in order to query it on a regular basis, allow renewalInfo URLs to be constructable given only existing client configuration (i.e. the URL of the directory) and the certificate itself.

This allows stateless clients to not need to persist additional data, and allows external monitoring tools to poll for renewal information without being privy to order objects, at the cost of requiring two API calls (one for the directory, one for the renewalInfo) each time a client checks in.

Part of #4

aarongable commented 2 years ago

Looks good! We should clarify a bit what we mean by hex-encoded: is lowercase acceptable?

Good call. I've pulled "case-insensitive hex-encoded" out of the three bullet points to the paragraph above, and referenced RFC 4648, Section 8, for that.
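
An added example, not part of this thread or of the draft's own text: a sketch of the construction discussed above, where a client derives the renewalInfo URL from the directory and the certificate alone, and a server decodes the hex segment case-insensitively per RFC 4648, Section 8. The `renewalInfo` directory key, the single-segment path layout, the choice of SHA-256 as the fingerprint, and all sample values are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample input: a directory object as a client would have fetched it.
# The "renewalInfo" key name and the URL are assumptions for this example.
SAMPLE_DIRECTORY = {"renewalInfo": "https://acme.example/renewal-info/"}
# Constructed stand-in for a certificate's DER bytes (not a real certificate).
SAMPLE_CERT_DER = bytes.fromhex("3082010a0201") + b"constructed-sample-certificate"

_HEX = re.compile(r"[0-9A-Fa-f]+")


def fingerprint_hex(cert_der: bytes) -> str:
    """Hex-encode a digest of the certificate (SHA-256 is an assumption)."""
    return hashlib.sha256(cert_der).hexdigest()


def renewal_info_url(directory: dict, cert_der: bytes) -> str:
    """Client side: build the URL from the directory and the certificate alone,
    so nothing from the order object has to be persisted."""
    base = directory["renewalInfo"]
    if not base.startswith("https://"):
        raise ValueError("renewalInfo base URL must be https")
    return base.rstrip("/") + "/" + fingerprint_hex(cert_der)


def parse_fingerprint_segment(segment: str) -> bytes:
    """Server side: accept upper- or lowercase hex (RFC 4648, Section 8),
    reject everything else, and return raw bytes as the canonical lookup key."""
    if len(segment) != hashlib.sha256().digest_size * 2:
        raise ValueError("unexpected fingerprint length")
    if not _HEX.fullmatch(segment):
        raise ValueError("fingerprint is not base16")
    return bytes.fromhex(segment)


if __name__ == "__main__":
    url = renewal_info_url(SAMPLE_DIRECTORY, SAMPLE_CERT_DER)
    print(url)
    segment = url.rsplit("/", 1)[1]
    # Upper- and lowercase spellings must resolve to the same lookup key.
    print(parse_fingerprint_segment(segment.upper()) == parse_fingerprint_segment(segment))
```

Decoding to raw bytes before any lookup or caching keeps the two spellings of one fingerprint from being treated as different certificates.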