search

kelunik / acme

Async ACME library written in PHP based on the Amp concurrency framework.
MIT License
122 stars 17 forks source link

Location header in FinalizeOrder response #40

Open ramonschriks opened 1 year ago

ramonschriks commented 1 year ago

Issue mentioned in: https://community.letsencrypt.org/t/breaking-changes-in-asynchronous-order-finalization-api/195882

Our client implementation was relying on the finalizeOrder response, which should return the Order object. However, it looks like the finalizeOrder response does not longer contain the location uri for the order as of today.

Therefor, we needed to update our implementation to resolve the order once again after finalising the order.

AcmeService.php -> finalizeOrder

      if ($response->getStatus() === 200) {
            return Order::fromResponse($response->getHeader('location'), $response->getBody()->buffer());
        }
kelunik commented 1 year ago

@ramonschriks Thanks for reporting! Do you have time for a PR?

ramonschriks commented 1 year ago

Not sure if its not working under certain conditions, since the RFC 8555 tells us that the finalize order response (in case of valid) still gives us the location header containing the order URI

In our case, we resolve the order once again using the known order uri after finalising. So we ignore the response of the finalize order request. Im currently not able to test the boulder API at this point to check the actual response in case of a valid finalisation of the order.