acme-client(1): handle badNonce
On 2025-06-11 23:11 +02, Theo Buehler <tb@theobuehler.org> wrote:
> On Wed, Jun 11, 2025 at 08:34:29PM +0200, Florian Obser wrote:
>>
>> Found with pebble.
>>
>> RFC 8555 6.5 has:
>>
>> When a server rejects a request because its nonce value was
>> unacceptable (or not present), it MUST provide HTTP status code 400
>> (Bad Request), and indicate the ACME error type
>> "urn:ietf:params:acme:error:badNonce". An error response with the
>> "badNonce" error type MUST include a Replay-Nonce header field with a
>> fresh nonce that the server will accept in a retry of the original
>> query (and possibly in other requests, according to the server's
>> nonce scoping policy). On receiving such a response, a client SHOULD
>> retry the request using the new nonce.
>> [...]
>> However, when
>> retrying in response to a "badNonce" error, the client MUST use the
>> nonce provided in the error response.
>>
>> OK?
>
> Unless you really want to keep the warnx("GOTO AGAIN"), it's probably
> better to commit it without it.
ugh, thanks for catching that.
>
> ok tb
>
--
In my defence, I have been left unsupervised.
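
The retry rule from the RFC 8555 section 6.5 text quoted in this thread, as an added example; it is not the acme-client diff under review and not code from either poster. The mock server, `mock_post`, `post_with_retry` and all nonce strings are constructed and hypothetical; the retry bound is an assumption, since the RFC sets none.

```c
#include <stdio.h>
#include <string.h>

#define BADNONCE "urn:ietf:params:acme:error:badNonce"
/* The parts of an ACME response the retry decision depends on. */
struct resp {
	int status;		/* HTTP status code */
	const char *type;	/* ACME error type, NULL on success */
	char nonce[32];		/* Replay-Nonce header value */
};

/* Constructed mock server: accepts only the nonce it issued last. */
static char srv_valid[32] = "nonce-0";
static int srv_count;

static void mock_post(const char *nonce, struct resp *r)
{
	int ok = strcmp(nonce, srv_valid) == 0;
	/* Every response, error or not, carries a fresh Replay-Nonce. */
	snprintf(srv_valid, sizeof(srv_valid), "nonce-%d", ++srv_count);
	snprintf(r->nonce, sizeof(r->nonce), "%s", srv_valid);
	r->status = ok ? 200 : 400;
	r->type = ok ? NULL : BADNONCE;
}

/* Returns the final HTTP status; *tries is the number of requests sent. */
static int post_with_retry(const char *nonce, int max_retry, int *tries)
{
	struct resp r;
	char cur[32];
	snprintf(cur, sizeof(cur), "%s", nonce);
	for (*tries = 1; ; (*tries)++) {
		mock_post(cur, &r);
		if (r.status != 400 || r.type == NULL ||
		    strcmp(r.type, BADNONCE) != 0)
			return r.status;	/* success or another error */
		if (*tries > max_retry || r.nonce[0] == '\0')
			return r.status;	/* bounded: never loop forever */
		/* Retry with the nonce from the error response itself. */
		snprintf(cur, sizeof(cur), "%s", r.nonce);
	}
}

int main(void)
{
	int tries, status = post_with_retry("stale-nonce", 3, &tries);
	printf("status %d after %d request(s)\n", status, tries);
	return 0;
}
```

The check on `type` matters: a 400 with any other ACME error type is returned to the caller rather than retried.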