Is it necessary that get replay-nonce value first and then attach it on EVERY Request ?
Every response you get will come with another nonce, which you can use for the next request.
So the only time you really need to fetch a new nonce explicitly is at the very start, or in case you get a badNonce error.
Oh, yeah, Great ~~~~
Doesn't the request for the directory listing contain a HTTP header with a nonce already, to be used in future JWS requests?
That is an idiosyncrasy of Boulder, I think. ACME doesn't specify it.
In practice, you won't get one from e.g. https://acme.zerossl.com/v2/DV90.
Well, I guess bootstrapping through newNonce isn't that hard 