aarongable / draft-acme-ari

Internet Draft for the Automated Certificate Management Environment (ACME) Renewal Information (ARI) Extension

UPDATE addition #25

Closed icing closed 11 months ago

icing commented 2 years ago

Is there more information about the added benefit of updating renewal information in regards to the renewed flag?

I am asking because this puts some burden on clients that, so far, did not have to track the state of "old" certificates. Users, for now, are able to wipe their local certs and thus reset the ACME client in case they got stuck somewhere or just for purely forcing a renewal. This would make any action on the new state (or lack of) by the CA doubtful.

Also, there are scenarios where users switch from one CA to another, so clients would need to contact the previous CA on renewal somewhere else. Should that lead to errors, the client is stuck in the process between two ACME CAs somewhat. This would mean that there is a "signoff" procedure with retries and error reporting etc.

If this feature is regarded as purely optional, my estimation would be that support is a single-attempt best effort, if implemented at all. Given the complications described, I fail to imagine what a CA expects to accomplish. Thus my question.

Thanks for your time.
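The client-side bookkeeping the question above is worried about, sketched as an added example (this is not code from the draft-acme-ari repository or from any ACME client). It models only the state-tracking trade-off: a client remembers which CA issued each replaced certificate, makes a single best-effort attempt to tell that CA, and never lets a failure (for instance an unreachable previous CA after switching providers) block the new issuance. The wire format of the update itself is not on this page, so `send_update` is a hypothetical callable standing in for the real ACME request; `OLD_CA`, `NEW_CA` and the certificate identifiers are constructed placeholders.

```python
"""Best-effort tracking of 'replaced certificate' notifications (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed placeholder directory URLs; not real CAs.
OLD_CA = "https://old-ca.example/directory"
NEW_CA = "https://new-ca.example/directory"

# Key: (directory URL of the CA that issued the old cert, identifier of the old cert).
UpdateKey = Tuple[str, str]


@dataclass
class RenewalTracker:
    """Remembers replaced certificates until one notification attempt has been made."""

    # key -> identifier of the certificate that replaced the old one
    pending: Dict[UpdateKey, str] = field(default_factory=dict)

    def record_replacement(self, old_ca: str, old_cert_id: str, new_cert_id: str) -> None:
        """Called after the new certificate is installed; issuance never waits on this."""
        self.pending[(old_ca, old_cert_id)] = new_cert_id

    def flush(self, send_update: Callable[[str, str, str], None]) -> Dict[str, List[UpdateKey]]:
        """Single-attempt, best-effort delivery.

        Each pending entry is tried exactly once. Transport or protocol errors are
        reported, never raised and never retried, so a previous CA that is gone or
        misbehaving cannot wedge the client between two providers.
        """
        report: Dict[str, List[UpdateKey]] = {"sent": [], "failed": []}
        for key, new_id in list(self.pending.items()):
            old_ca, old_id = key
            try:
                send_update(old_ca, old_id, new_id)  # hypothetical ACME update request
                report["sent"].append(key)
            except Exception:  # any failure counts as "attempted, gave up"
                report["failed"].append(key)
            finally:
                del self.pending[key]  # dropped after the one attempt either way
        return report

    def reset(self) -> int:
        """Models the user wiping local state: pending notifications are simply lost."""
        dropped = len(self.pending)
        self.pending.clear()
        return dropped


def demo_ca_switch() -> Dict[str, List[UpdateKey]]:
    """Scenario from the issue: a cert from OLD_CA is renewed at NEW_CA and the
    old CA cannot be reached. The notification to OLD_CA fails once and is
    dropped; the notification to NEW_CA succeeds; the renewal itself is unaffected."""
    tracker = RenewalTracker()
    tracker.record_replacement(OLD_CA, "cert-0001", "cert-0002")  # constructed ids
    tracker.record_replacement(NEW_CA, "cert-0002", "cert-0003")

    def fake_send(ca: str, old_id: str, new_id: str) -> None:
        # Constructed transport: the previous CA is unreachable, the current one accepts.
        if ca == OLD_CA:
            raise ConnectionError("old CA unreachable")

    return tracker.flush(fake_send)


if __name__ == "__main__":
    print(demo_ca_switch())
```

The design choice here mirrors the comment's own estimate: if the update is optional, a client will at most try once and move on. Anything stronger (retry queues, error surfacing to the user) is where the extra client burden the comment describes would come from.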