Order URL / notAfter
When sending a `notAfter` value (set to 1 day in the future for example) to the order url https://api.test4.buypass.no/acme-v02/new-order the value seems to be ignored and I get a certificate with a lifetime of 180 days.
According to https://datatracker.ietf.org/doc/html/rfc8555#section-7.4:
The server MUST return an error if it cannot fulfill the request as specified, and it MUST NOT issue a certificate with contents other than those requested. If the server requires the request to be modified in a certain way, it should indicate the required changes using an appropriate error type and description. If the server is willing to issue the requested certificate, it responds with a 201 (Created) response. The body of this response is an order object reflecting the client's request and any authorizations the client must complete before the certificate will be issued.
thank you for the response! Sorry for being unclear in my question. I'm aware that the lifetime is fixed (180 days).
The problem arises if users of my ACME-Client set a "notAfter" value, then this value gets silently ignored by the server. So the user gets something he did not request.
The RFC says that the server MUST NOT isse a certificate if it cannot fulfill the request as specified, instead the server MUST return an error.
My question is, if you have plans to align your ACME implementation with the RFC in this respect?