smallstep / certificates

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
https://smallstep.com/certificates
Apache License 2.0

Account Key Rollover RFC 8555 § 7.3.5 #209

Closed hbellur closed 4 years ago

hbellur commented 4 years ago

Subject of the issue

Directory object returns key change URL. But server returns 404 when attempting to perform key rollover.

Your environment

dopey commented 4 years ago

Yep, that's fair. We can remove that.

dcow commented 4 years ago

@dopey where does it say that https://tools.ietf.org/html/rfc8555#section-7.3.5 is optional?

dopey commented 4 years ago

@dcow we don't support it through the ACME API. So we shouldn't be returning it as part of the directory response. Not a question of whether it's optional.

dcow commented 4 years ago

Is that conventional (I don't have tons of experience with ACME clients)? If we remove the key change URL do clients know how to proceed? Or will we just get a new issue opened up with whatever error message someone sees when they try to do a key change but the URL is not in the directory? Do we have an issue tracking support for § 7.3.5? I agree it's probably better not to list the path if we know we'll just 404 on it if that's our only option. But I wonder, is there perhaps an alternate HTTP status code like "501 not implemented" we could return that more directly informs clients about what's happening?
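The mismatch reported in this thread (a directory entry with no handler behind it) can be caught by a small consistency check. The following is an added example, not code from smallstep or from any commenter: it starts a constructed local stand-in server that advertises `keyChange` without routing it, then lists every directory URL that answers 404. The paths, the fake server and the assumption that a routed endpoint rejects an empty body with 400 are all illustrative.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in server (hypothetical paths): it advertises keyChange
# in its directory but, as in the report above, has no route behind it.
ROUTED = {"/acme/new-nonce", "/acme/new-account", "/acme/new-order"}
ADVERTISED = {"newNonce": "new-nonce", "newAccount": "new-account",
              "newOrder": "new-order", "keyChange": "key-change"}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

class FakeAcme(BaseHTTPRequestHandler):
    def _reply(self, code, body=b""):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_GET(self):  # serves the directory; "meta" is a non-URL member
        base = f"http://{self.headers['Host']}/acme/"
        body = {"meta": {}, **{n: base + p for n, p in ADVERTISED.items()}}
        if self.path == "/acme/directory":
            return self._reply(200, json.dumps(body).encode())
        self._reply(404)
    def do_POST(self):  # assumption: routed endpoints reject an empty body with 400
        self._reply(400 if self.path in ROUTED else 404)
    def log_message(self, *args): pass  # keep the demo quiet

def post_status(url):
    req = urllib.request.Request(url, data=b"", method="POST")
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def dead_endpoints(directory_url):
    with OPENER.open(directory_url, timeout=5) as resp:
        directory = json.load(resp)
    # Only string members are endpoint URLs; objects such as "meta" are skipped.
    return sorted(name for name, url in directory.items()
                  if isinstance(url, str) and post_status(url) == 404)

def demo():
    server = HTTPServer(("127.0.0.1", 0), FakeAcme)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return dead_endpoints(f"http://127.0.0.1:{server.server_port}/acme/directory")
    finally:
        server.shutdown()
        server.server_close()
```

Calling `demo()` runs the check against the stand-in server; pointing `dead_endpoints` at a CA's own directory URL in a CI job flags an advertised but unimplemented endpoint before a client hits it.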