kelunik / acme

Async ACME library written in PHP based on the Amp concurrency framework.
MIT License

Fixed badNonce error catching. #12

Closed kfeutz closed 8 years ago

kfeutz commented 8 years ago

badNonce error checking was checking for the wrong response "type" and therefore never auto-retried on failed POSTs due to bad nonces. Let's Encrypt server responds to bad nonces with the response type set to "urn:acme:error:badNonce", not "urn:acme:badNonce". See example response output below:

 {"type":"urn:acme:error:badNonce","detail":"JWS has invalid anti-replay nonce 8uktmunjoGZRPWMul0WUyudOiScKW5BSrEj3T2UxbjA","status":400}

Also see line 22 of the Let's Encrypt acme "messages.py" implementation: https://github.com/letsencrypt/letsencrypt/blob/master/acme/acme/messages.py

I left in the check for "urn:acme:badNonce" because this is the ACME error code specified in the IETF ACME draft.
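The fix described in this comment, as an added PHP example that is not code from kelunik/acme: `isBadNonceError` accepts both type strings named above, and `postWithNonceRetry` (its `$post` callable is a hypothetical stand-in for the library's signed POST) bounds the number of retries and takes the replacement nonce from the `Replay-Nonce` header of the error response.

```php
<?php
// Added example, not code from kelunik/acme. Both type strings from the PR
// are treated as a retryable badNonce; retries are bounded so a server that
// keeps rejecting nonces cannot cause an endless loop.

const BAD_NONCE_TYPES = [
    'urn:acme:error:badNonce', // what Let's Encrypt actually sends
    'urn:acme:badNonce',       // literal wording of the IETF ACME draft
];

function isBadNonceError(int $status, string $body): bool {
    if ($status !== 400) {
        return false;
    }
    $json = json_decode($body, true);
    return is_array($json)
        && isset($json['type'])
        && in_array($json['type'], BAD_NONCE_TYPES, true);
}

// $post is a hypothetical callable: takes a nonce, returns [status, headers, body].
function postWithNonceRetry(callable $post, string $nonce, int $maxAttempts = 3): array {
    for ($attempt = 1; ; $attempt++) {
        [$status, $headers, $body] = $post($nonce);
        if (!isBadNonceError($status, $body) || $attempt >= $maxAttempts) {
            return [$status, $headers, $body];
        }
        // Every ACME response, the error included, carries a fresh nonce.
        if (empty($headers['Replay-Nonce'])) {
            return [$status, $headers, $body]; // nothing to retry with
        }
        $nonce = $headers['Replay-Nonce'];
    }
}

// Constructed fake server: rejects the stale nonce once, then accepts.
$fakePost = function (string $nonce): array {
    if ($nonce === 'stale-nonce') {
        return [400, ['Replay-Nonce' => 'fresh-nonce-1'],
            '{"type":"urn:acme:error:badNonce","detail":"JWS has invalid anti-replay nonce","status":400}'];
    }
    return [201, ['Replay-Nonce' => 'fresh-nonce-2'], '{"status":"valid"}'];
};

[$status] = postWithNonceRetry($fakePost, 'stale-nonce');
echo $status === 201 ? "retried and succeeded\n" : "failed with $status\n";
```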

kelunik commented 8 years ago

The spec is actually not consistent here. Sent a message to the mailing list: https://mailarchive.ietf.org/arch/msg/acme/HV7CtvBZ2bIvPcy2y9JC-Cubv9E

kfeutz commented 8 years ago

Awesome, thanks.

kelunik commented 8 years ago

Will merge it for now.