diafygi / acme-tiny

A tiny script to issue and renew TLS certs from Let's Encrypt
MIT License
4.73k stars 572 forks

Allow the user to specify the kid of its account to skip the registration step #256

Closed nboullis closed 3 years ago

nboullis commented 3 years ago

I need to use a CA that implements the ACME protocol but uses external account binding for the enrollment of the public key of the account. acme-tiny does not implement external account binding (yet). Anyway, with this CA, one cannot re-register the same key to recover the already-registered account. Hence, I suggest adding an option to allow the user to specify the kid of their already-registered account to skip the registration step.

diafygi commented 3 years ago

Do you have any more documentation on this CA that doesn't return a 200 with a Location header for already registered account keys?

From: https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.1

If the server receives a newAccount request signed with a key for which it already has an account registered with the provided account key, then it MUST return a response with status code 200 (OK) and provide the URL of that account in the Location header field.

Closing since this appears to be non-spec behavior.
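The two behaviours the thread turns on, as an added Python example that is not acme-tiny's code: the RFC 8555 7.3.1 rule that a newAccount signed with an already-registered key answers 200 with the account URL in Location (so the client can always recover its kid), the non-spec CA from the opening comment that refuses the second registration, and the option requested in the issue, a caller-supplied kid that skips newAccount altogether. The `jwk`-versus-`kid` header rule from RFC 8555 6.2 is included because the kid is what every request after registration is signed with. HTTP is replaced by a `post` callable, the `acme.example` URLs are placeholders, and both CAs are constructed fakes so the logic runs offline; the error type the strict CA returns is a real RFC 8555 6.7 value, but which error the real CA returns is not stated in the issue, so that choice is an assumption here.

```python
"""ACME account identification: newAccount responses and a pre-supplied kid.

Added example, not acme-tiny's code. HTTP is replaced by a caller-supplied
``post`` callable, CA URLs are placeholders, and both CAs are constructed
fakes so everything runs offline. Behaviour follows RFC 8555 6.2 and 7.3.1.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Constructed stand-in for an HTTP response: (status, headers, JSON body).
Response = Tuple[int, Dict[str, str], dict]
Poster = Callable[[str, dict], Response]

NEW_ACCOUNT_URL = "https://acme.example/newAccount"  # placeholder directory entry


def resolve_account_kid(post: Poster, preset_kid: Optional[str] = None) -> str:
    """Return the account URL that later requests carry as the JWS "kid".

    With ``preset_kid`` (the option requested in the issue) the newAccount
    round-trip is skipped entirely. Otherwise newAccount is POSTed; per
    RFC 8555 7.3.1 a fresh account answers 201 and an already-registered key
    answers 200, and both put the account URL in the Location header.
    """
    if preset_kid:
        return preset_kid
    status, headers, body = post(NEW_ACCOUNT_URL, {"termsOfServiceAgreed": True})
    if status in (200, 201) and "Location" in headers:
        return headers["Location"]
    raise RuntimeError(
        f"newAccount failed: HTTP {status} {body.get('type', '')}: {body.get('detail', '')}"
    )


def protected_header(alg: str, nonce: str, url: str, jwk: dict,
                     kid: Optional[str]) -> dict:
    """JWS protected header per RFC 8555 6.2: newAccount (and revokeCert) name
    the signer by its full "jwk"; every other request uses the account URL as
    "kid". The two fields are mutually exclusive, so pass kid=None for newAccount."""
    header = {"alg": alg, "nonce": nonce, "url": url}
    if kid is None:
        header["jwk"] = jwk
    else:
        header["kid"] = kid
    return header


@dataclass
class SpecCompliantCA:
    """Constructed CA that follows 7.3.1: a known key gets 200 + Location."""
    accounts: Dict[str, str] = field(default_factory=dict)
    requests: int = 0

    def client(self, key_thumbprint: str) -> Poster:
        """Return a poster bound to one account key (stands in for JWS signing)."""
        def _post(url: str, payload: dict) -> Response:
            self.requests += 1
            if key_thumbprint in self.accounts:
                return 200, {"Location": self.accounts[key_thumbprint]}, {"status": "valid"}
            acct = f"https://acme.example/acct/{len(self.accounts) + 1}"
            self.accounts[key_thumbprint] = acct
            return 201, {"Location": acct}, {"status": "valid"}
        return _post


@dataclass
class NoReregisterCA(SpecCompliantCA):
    """Constructed approximation of the CA in the issue: the key is enrolled once
    and a second newAccount with the same key is refused instead of returning the
    existing account. The error type is a real RFC 8555 6.7 value; picking it is
    this example's assumption, the issue does not say what the real CA returns."""

    def client(self, key_thumbprint: str) -> Poster:
        def _post(url: str, payload: dict) -> Response:
            self.requests += 1
            if key_thumbprint in self.accounts:
                return 400, {}, {"type": "urn:ietf:params:acme:error:externalAccountRequired",
                                 "detail": "key already bound; re-registration refused"}
            acct = f"https://acme.example/acct/{len(self.accounts) + 1}"
            self.accounts[key_thumbprint] = acct
            return 201, {"Location": acct}, {"status": "valid"}
        return _post


if __name__ == "__main__":
    ca = SpecCompliantCA()
    post = ca.client("thumbprint-A")
    first = resolve_account_kid(post)   # 201 on first registration
    again = resolve_account_kid(post)   # 200 for the same key, same Location
    print(first == again, first)

    strict = NoReregisterCA()
    post = strict.client("thumbprint-B")
    kid = resolve_account_kid(post)
    try:
        resolve_account_kid(post)       # refused: the kid cannot be recovered this way
    except RuntimeError as exc:
        print(exc)
    # The proposed option: supply the kid and never touch newAccount again.
    print(resolve_account_kid(post, preset_kid=kid) == kid, strict.requests)
```

Against the spec-compliant CA the preset option is redundant, which is the maintainer's point: losing the kid costs one newAccount round-trip. Against the strict CA the kid recorded at first enrollment is the only way back into the account, so it has to be stored alongside the account key and fed in directly.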