shred / acme4j

Java client for ACME (Let's Encrypt)
https://acme4j.shredzone.org
Apache License 2.0

OrderBuilder.replaces() functions assume auto-renewal support by the server #158

Closed rcc13 closed 5 months ago

rcc13 commented 5 months ago

I am trying to use acme4j to implement ACME Renewal Info (ARI) support.

When I call OrderBuilder.replaces(X509Certificate certificate) to set the certificate to be replaced, it calls OrderBuilder.replaces(String uniqueId), and that in turn calls autoRenewal(), which sets autoRenewal=true.

When I subsequently call Order.create(), it does a meta data check for auto-renewal and fails as the ACME server I am working with supports ARI but not STAR.

My work-around was to set OrderBuilder.autoRenewal=false using reflection after calling OrderBuilder.replaces(). This seems to solve the problem as Order.create() no longer does a metadata check for STAR.

It would be great if OrderBuilder.replaces() did not assume STAR, or at least differentiated between STAR and ARI use cases, so that the above work-around is not necessary.

shred commented 5 months ago

Good catch, thank you for the report!

OrderBuilder.replaces() is a part of draft-ietf-acme-ari-03, not RFC 8739, so it makes no sense to set autoRenewal=true here.

I will provide a fix in the next few days.

shred commented 5 months ago

Fixed in v3.3.1, which will be available on Maven Central in the next few hours.

Feel free to reopen this issue if your problem is not solved.

rcc13 commented 5 months ago

Awesome! Thanks @shred