go-acme

fix acme retry condition

Open mingshun opened this issue 8 years ago • 2 comments

Refer to the ACME protocol on https://tools.ietf.org/id/draft-ietf-acme-acme-01.xml:

To avoid unnecessary renewals, the CA may choose not to issue a renewed certificate until it receives such a request (if it even allows renewal at all). In such cases, if the CA requires some time to generate the new certificate, the CA MUST return a 202 (Accepted) response, with a Retry-After header field that indicates when the new certificate will be available. The CA MAY include the current (non-renewed) certificate as the body of the response.

When renewing a certificate, the body of the response will be the non-renewed certificate if the certificate is not available. The code should not check if the body of the response is empty. It should check if the status code of the response is 202 based on the ACME protocol.

mingshun, Mar 08 '17 01:03
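The difference between the two retry conditions described in the issue above, as an added Go example. It is not code from go-acme or from the issue author. The function names, the sample body and the fallback and cap durations are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strconv"
	"time"
)

// pendingByBody is the condition the issue objects to: it treats only an
// empty body as "not issued yet" (hypothetical name).
func pendingByBody(body []byte) bool { return len(body) == 0 }

// pendingByStatus follows the quoted draft text: 202 means the renewed
// certificate is not ready, whatever the body holds (hypothetical name).
func pendingByStatus(status int) bool { return status == http.StatusAccepted }

// retryDelay reads Retry-After as delta-seconds or an HTTP-date. It falls back
// when the header is missing or malformed and caps the wait so a response
// cannot stall the client indefinitely. fallback and max are assumed policy.
func retryDelay(h http.Header, now time.Time, fallback, max time.Duration) time.Duration {
	d := fallback
	v := h.Get("Retry-After")
	if secs, err := strconv.Atoi(v); err == nil && secs >= 0 {
		d = time.Duration(secs) * time.Second
	} else if t, err := http.ParseTime(v); err == nil && t.After(now) {
		d = t.Sub(now)
	}
	if d > max {
		d = max
	}
	return d
}

func main() {
	// Constructed sample: a 202 whose body is the current, non-renewed certificate.
	status, body := http.StatusAccepted, []byte("constructed-old-cert-DER")
	h := http.Header{"Retry-After": []string{"30"}}
	fmt.Println("body check says pending:  ", pendingByBody(body))     // false
	fmt.Println("status check says pending:", pendingByStatus(status)) // true
	fmt.Println("wait:", retryDelay(h, time.Now(), 5*time.Second, time.Minute))
}
```

With the body-based check, the old certificate in a 202 response is taken as the renewed one and the client stops polling; the status-based check keeps it waiting for the interval the server asked for.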

Fine to merge this, but this package is largely unmaintained. I'd strongly recommend taking a look at godoc.org/golang.org/x/crypto/acme instead.

ericchiang, Mar 08 '17 06:03

Thanks for the recommendation.

mingshun, Mar 08 '17 06:03