RFC 8555, "Automatic Certificate Management Environment (ACME)", March 2019

Errata ID: 7826
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Rob Stradling
Date Reported: 2024-02-28

Section 8.2 says:

The server MUST provide information about its retry state to the 
client via the "error" field in the challenge and the Retry-After 
HTTP header field in response to requests to the challenge resource.

It should say:

In responding to requests to the challenge resource while the status 
of the challenge remains "processing", the server MUST provide 
information about its retry state to the client via the "error" field 
in the challenge and the Retry-After HTTP header field.

Notes:

The current text seems to require the server to include the "error" field and Retry-After HTTP header in all responses to requests for a challenge resource, even before that challenge has moved from "pending" to "processing", and even after that challenge has moved from "processing" to "valid" or "invalid". However, the "State Transitions for Challenge Objects" diagram in Section 7.1.6 shows that it only makes sense for the server to communicate "its retry state" to the client when the challenge is "processing".

I've modelled the structure of my suggested Corrected Text on similar language in Section 7.5.1: "In responding to poll requests while the validation is still in progress, the server MUST...".

Report New Errata