Comments (4)
No worries. The Get-PAAccount -Refresh actually used to happen more frequently under the hood as a way to more gracefully prevent errors that would come up if an account had been deactivated elsewhere. But I took most of them out a while back to make things more efficient and because an annoying number of commercial CAs didn't actually support POST-as-GET requests on the account object for some dumb reason. There's actually a Set-PAServer -UseAltAccountRefresh switch to change how the module does account refreshes to use the newAcct endpoint with onlyReturnExisting as a workaround for those broken CAs.
In any case, yeah. We can close this I think.
from posh-acme.
Hah! I didn't notice the author at first when originally reviewing this thread, I'll just drop it without further comment. :)
https://community.letsencrypt.org/t/should-clients-expect-acme-server-may-drop-accounts/193503/4
from posh-acme.
Hey @jamesaepp, thanks for reaching out. As far as I can tell, there's no way to query the current value of termsOfServiceAgreed on an account. Both a standard POST-as-GET request on the account and a new account request with the onlyReturnExisting flag only return the status, public key info, contact, and some other metadata. The RFC basically says it's a write-only property on the account that is accepted during account creation. It's also explicitly ignored in an account update request.
Section 7.3.3 talks about what happens if a CA needs to change their ToS and require users to accept those changes. It basically involves the CA throwing an ACME error on subsequent requests with a URL link intended for a human to use to re-accept the ToS for that account.
From the perspective of "Is this account still sane?", I think the status field on the account should be sufficient for that purpose at least as far as the ACME protocol is concerned. You can get the current status value with Get-PAAccount -Refresh which explicitly does a POST-as-GET on the account object to check for updates (such as an account being deactivated elsewhere).
from posh-acme.
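Added example, not part of the thread and not Posh-ACME code: a protocol-level sketch in Python of the "is this account still sane?" check described in the comment above, classifying the account object's status and the RFC 8555 error documents a client may get back instead. The function name, verdict labels and sample responses are assumptions constructed for illustration.

```python
# Added example: classify RFC 8555 account responses for a health check.
# Sample responses are constructed; URLs use example.com placeholders.
ERR = "urn:ietf:params:acme:error:"


def assess_account(http_status, body):
    """Return (verdict, detail) for the parsed JSON body of an account
    POST-as-GET or a newAccount request sent with onlyReturnExisting."""
    if 200 <= http_status < 300:
        # Account object. termsOfServiceAgreed is not consulted: as the
        # comment above notes, it is not reported back by the server.
        status = body.get("status")
        if status == "valid":
            return ("ok", "account is valid")
        if status in ("deactivated", "revoked"):
            return ("unusable", "account status is " + status)
        return ("unknown", "unexpected status: %r" % (status,))
    # Anything else is a problem document with an ACME error type.
    err = body.get("type", "")
    if err == ERR + "userActionRequired":
        # Section 7.3.3: 'instance' is the URL a human visits to re-accept.
        return ("action_required", body.get("instance", ""))
    if err == ERR + "accountDoesNotExist":
        return ("missing", "no account exists for this key")
    if err == ERR + "unauthorized":
        return ("unusable", body.get("detail", "request not authorized"))
    return ("error", err or "HTTP %d" % http_status)


SAMPLES = {  # constructed responses, not captured from any CA
    "healthy": (200, {"status": "valid", "contact": ["mailto:admin@example.com"]}),
    "deactivated": (200, {"status": "deactivated"}),
    "tos_changed": (403, {
        "type": ERR + "userActionRequired",
        "detail": "Terms of service have changed",
        "instance": "https://ca.example.com/acme/agreement/?token=PLACEHOLDER",
    }),
    "unknown_key": (400, {"type": ERR + "accountDoesNotExist"}),
}

if __name__ == "__main__":
    for name, (code, doc) in SAMPLES.items():
        print(name, assess_account(code, doc))
```
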
@rmbolger I totally missed the -Refresh parameter, thank you! With that parameter, I think that solves the goal I mentioned and you referenced in your last paragraph.
Not sure if we want to keep this feature request or not given your other research into the ToS and (seemingly) lack of utility with the onlyReturnExisting bool.
from posh-acme.