RFC Errata
RFC 8555, "Automatic Certificate Management Environment (ACME)", March 2019
Source of RFC: acme (sec)
Errata ID: 8381
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Erik Nygren
Date Reported: 2025-04-15
Section 8.3 says:
3. Dereference the URL using an HTTP GET request. This request MUST
be sent to TCP port 80 on the HTTP server.
It should say:
3. Dereference the URL using an HTTP GET request. This request MUST
be sent to TCP port 80 on the HTTP server. (The HTTP client must
not resolve and/or must ignore any HTTPS DNS RRs [RFC 9460].)
Notes:
Doing a DNS lookup of an HTTPS DNS RR [RFC 9460] might force the client to switch from the HTTP to the HTTPS scheme, which would break HTTP-01 lookups. The RFC 8555 text is clear that "request MUST be sent to TCP port 80 on the HTTP server", which would be violated if the validating client did an HTTPS RR lookup in the DNS and followed the instructions in RFC 9460 section 9.5.
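The failure mode described in the notes, as an added Python example that is not part of the erratum or of any ACME implementation: it compares connection-target selection in a simplified model of an HTTPS-RR-aware client with a validator that uses only address records. The record set, domain, token and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed RRset for a hypothetical domain under validation (not real DNS data).
RECORDS = [
    {"type": "A", "value": "192.0.2.10"},
    {"type": "AAAA", "value": "2001:db8::10"},
    {"type": "HTTPS", "priority": 1, "target": ".",
     "params": {"alpn": "h2", "port": 8443}},
]

def challenge_url(domain, token):
    # HTTP-01 URL form from RFC 8555 Section 8.3.
    return f"http://{domain}/.well-known/acme-challenge/{token}"

def https_rr_aware_target(url, records):
    """Simplified model (an assumption, not a full RFC 9460 client): a
    ServiceMode HTTPS RR causes an http URL to be fetched over https."""
    parts = urlsplit(url)
    svc = sorted((r for r in records
                  if r["type"] == "HTTPS" and r["priority"] > 0),
                 key=lambda r: r["priority"])
    if parts.scheme == "http" and svc:
        return ("https", svc[0]["params"].get("port", 443))
    return (parts.scheme, parts.port or 80)

def http01_target(url, records):
    """Validator behaviour per the proposed text: HTTPS RRs are ignored,
    only A/AAAA records are used, and the port is always 80."""
    parts = urlsplit(url)
    if parts.scheme != "http" or parts.port not in (None, 80):
        raise ValueError("HTTP-01 requires an http URL on port 80")
    addrs = [r["value"] for r in records if r["type"] in ("A", "AAAA")]
    if not addrs:
        raise ValueError("no address records for validation target")
    return ("http", 80, addrs)

def violates_http01(target):
    # True when the chosen scheme/port breaks "MUST be sent to TCP port 80".
    return target[0] != "http" or target[1] != 80

if __name__ == "__main__":
    url = challenge_url("example.org", "constructed-token")
    for pick in (https_rr_aware_target, http01_target):
        t = pick(url, RECORDS)
        print(pick.__name__, t, "violates" if violates_http01(t) else "ok")
```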
