RFC8555 section 7.3.1 compliance


With my ACMEv2 client implementation https://github.com/bruncsak/ght-acme.sh I got the following error when trying to retrieve the KID:

HTTP/1.1 400 Bad Request

{"type":"urn:ietf:params:acme:error:unsupportedContact","detail":"The contact is malformed. Supported schemes: [tel:, mailto:]","code":400,"message":"UNSUPPORTED_CONTACT","details":"HTTP 400 Bad Request"}

Section 7.3.1 of RFC8555 is rather precise:

   The body of this response represents the account object as it existed on
   the server before this request; any fields in the request object MUST
   be ignored.

Your code is checking the body of the request, which is not supposed to be done. I already implemented a workaround in my client, but you may wish to fix that in the server code to avoid the same issue with a different ACME v2 client.

  • Hi Attila


    Thanks for reporting this case. We have added it to the bug tracker.




      • Attila
      • bruat
      • 8 days ago

      Hello Andriy Mahats 

      Thanks for adding it to the bug tracker.

      There is some other issue.

      When the account is not authorized to revoke a certificate, your ACME server returns a 401 HTTP error code. In the example of the RFC (section 7.6) the error code is 403.
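
The two behaviours raised in this thread, sketched as an added example (not code from Buypass or from either poster): an account lookup that never validates the request body when the key is already registered, and a revocation refusal that answers 403. The handler names, the in-memory tables and the ca.example URLs are hypothetical; status codes and error types follow RFC 8555 sections 7.3, 7.3.1 and 7.6, and the revocation ownership check is simplified to a single owner per certificate.

```python
# Added illustration; every name and URL here is hypothetical, not a real server's API.
SUPPORTED_SCHEMES = ("mailto:", "tel:")
ERR = "urn:ietf:params:acme:error:"

# Constructed sample state: JWK thumbprint -> account, certificate id -> owner thumbprint.
ACCOUNTS = {"thumb-A": {"url": "https://ca.example/acme/acct/1",
                        "object": {"status": "valid", "contact": ["mailto:admin@example.org"]}}}
CERT_OWNER = {"cert-1": "thumb-A"}

def problem(status, kind, detail):
    """Build (status, headers, body) for an ACME problem document."""
    return status, {}, {"type": ERR + kind, "detail": detail}

def handle_new_account(thumbprint, payload):
    """Handle a newAccount POST whose JWS signature has already been verified."""
    acct = ACCOUNTS.get(thumbprint)
    if acct is not None:
        # Key already registered: answer from stored state only. The payload
        # (contact, onlyReturnExisting, ...) is not inspected on this path.
        return 200, {"Location": acct["url"]}, acct["object"]
    if payload.get("onlyReturnExisting"):
        return problem(400, "accountDoesNotExist", "no account for this key")
    # Contact validation belongs only to the account-creation path.
    contacts = payload.get("contact", [])
    bad = [c for c in contacts if not c.startswith(SUPPORTED_SCHEMES)]
    if bad:
        return problem(400, "unsupportedContact", f"unsupported contact: {bad[0]}")
    url = f"https://ca.example/acme/acct/{len(ACCOUNTS) + 1}"
    ACCOUNTS[thumbprint] = {"url": url, "object": {"status": "valid", "contact": contacts}}
    return 201, {"Location": url}, ACCOUNTS[thumbprint]["object"]

def handle_revoke(thumbprint, cert_id):
    """Refuse revocation by a non-owning account with 403 unauthorized, not 401."""
    if CERT_OWNER.get(cert_id) != thumbprint:
        return problem(403, "unauthorized", "account may not revoke this certificate")
    return 200, {}, None
```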





Buypass Official Community

This is the official community of Buypass, a Root CA located in Norway.