From: Florian Obser <florian@openbsd.org>
Subject: Re: acme-client(1): insecure API urls
To: tech@openbsd.org
Date: Mon, 09 Jun 2025 01:57:29 +0200

On 2025-06-08 12:37 -06, Zack Newman <zack@philomathiclife.com> wrote:
>> any idea why?
>
> To "force" clients to behave properly
> (https://github.com/letsencrypt/pebble?tab=readme-ov-file#invalid-anti-replay-nonce-errors).
>

Indeed, sorry, I forgot to mention this publicly. The idea is to use
pebble for regress/usr.sbin/acme-client.

1) We can run the regress test completely locally without needing httpd
exposed to the internet on the regress machine
2) pebble prods and pokes RFC corner cases and common mistakes in acme
clients, so not handling nonce errors is a bug in acme-client(1) I have
to fix.

-- 
In my defence, I have been left unsupervised.
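
Added example, not part of the message above and not acme-client(1) code: a bounded retry on the nonce errors discussed in the message. Under ACME (RFC 8555) a rejected nonce is answered with HTTP 400, error type `badNonce` and a fresh `Replay-Nonce` that the client should use for the retry. The server here is a constructed in-process stand-in, and `fake_post`, `fake_reset`, `post_with_retry` and `MAX_RETRIES` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define BAD_NONCE	"urn:ietf:params:acme:error:badNonce"
#define MAX_RETRIES	3

struct reply {
	int	status;		/* HTTP status code */
	char	type[64];	/* problem document "type", empty on success */
	char	nonce[32];	/* Replay-Nonce header, sent on errors too */
};

/* Constructed stand-in for the CA: rejects the next `reject` requests with
 * badNonce even though the nonce presented was valid. */
static int reject, issued;

void fake_reset(int n) { reject = n; issued = 0; }

static void
fake_post(const char *nonce, struct reply *r)
{
	(void)nonce;		/* a real client signs the JWS over this */
	memset(r, 0, sizeof(*r));
	snprintf(r->nonce, sizeof(r->nonce), "nonce-%d", ++issued);
	r->status = 200;
	if (reject > 0) {
		reject--;
		r->status = 400;
		snprintf(r->type, sizeof(r->type), "%s", BAD_NONCE);
	}
}

/* POST once; on badNonce re-send with the fresh nonce from the error reply,
 * at most MAX_RETRIES times. Returns the number of POSTs made, -1 on failure. */
int
post_with_retry(char *nonce, size_t len)
{
	struct reply r;
	int tries;
	for (tries = 1; tries <= MAX_RETRIES + 1; tries++) {
		fake_post(nonce, &r);
		snprintf(nonce, len, "%s", r.nonce);	/* always keep the newest */
		if (r.status == 200)
			return tries;
		if (r.status != 400 || strcmp(r.type, BAD_NONCE) != 0)
			return -1;	/* other errors are not retried here */
	}
	return -1;			/* still rejected: give up, do not loop forever */
}
```

A client that treats the first `badNonce` as fatal fails whenever the server rejects a nonce, which is the behaviour the regress run against pebble is meant to expose.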