Summary
The ACME draft specification says successful HTTP HEAD requests to the new-nonce endpoint should return HTTP status code 200 (OK). Let’s Encrypt’s ACME v2 API has been incorrectly returning HTTP status code 204 (no content) for successful HEAD requests. We will be changing the ACME v2 staging API to fix this on Wednesday January 16th (Edit: This is now live in staging) and proceeding to the ACME v2 production API on Thursday January 24th (Edit: This is now live in production as well). GET requests to the new-nonce endpoint will continue to return HTTP Status 204 per the specification.
Background
Section 7.2, “Getting a Nonce”, of the current protocol draft (draft-ietf-acme-acme-18 at the time of writing) describes two HTTP status codes that may be returned to clients that make successful requests to the new-nonce endpoint:
- HTTP Status 204 (no content) for successful GET requests
- HTTP Status 200 (OK) for successful HEAD requests
Let’s Encrypt has been mistakenly returning status 204 for all successful requests, regardless of whether they were using HTTP method GET or HEAD.
Affected clients
If your ACME client is ACME v2 compatible, uses HEAD requests to the new-nonce endpoint to get nonces, and is programmed to expect an HTTP status 204 response as an indicator of success, you may have difficulty issuing or renewing certificates after January 17th. You can test your client and any required fixes ahead of the staging and production API changes by using the Pebble ACME test server in -strict mode. Please ensure you’re using a Pebble clone with the fix (2132a88).
Thanks!
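The following is an added example, not part of the original announcement and not Let’s Encrypt or Pebble code: a client-side nonce fetch that treats either 200 or 204 as success as long as a Replay-Nonce header is present, exercised against a constructed local stub. The stub server, its nonce value and the /new-nonce path are assumptions; a real client reads the new-nonce URL from the ACME directory.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class StubNewNonce(BaseHTTPRequestHandler):
    """Constructed stand-in for a new-nonce endpoint (hypothetical, for testing)."""
    head_status = 200  # corrected behaviour; 204 mimics the old behaviour

    def _reply(self, status):
        self.send_response(status)
        self.send_header("Replay-Nonce", "constructed-nonce-0001")
        self.end_headers()

    def do_HEAD(self):
        self._reply(self.head_status)

    def do_GET(self):
        self._reply(204)  # GET keeps returning 204 per the specification

    def log_message(self, *args):  # silence per-request logging
        pass

def fetch_nonce(host, port, method="HEAD", path="/new-nonce"):
    """Return the nonce; success is 200 or 204 plus a Replay-Nonce header."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        resp.read()
        nonce = resp.getheader("Replay-Nonce")
        if resp.status not in (200, 204):
            raise RuntimeError(f"new-nonce failed: HTTP {resp.status}")
        if not nonce:
            raise RuntimeError("new-nonce response carried no Replay-Nonce header")
        return nonce
    finally:
        conn.close()

def demo(head_status):
    """Start the stub with the given HEAD status; fetch a nonce via HEAD and GET."""
    handler = type("Handler", (StubNewNonce,), {"head_status": head_status})
    server = HTTPServer(("127.0.0.1", 0), handler)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return fetch_nonce("127.0.0.1", port, "HEAD"), fetch_nonce("127.0.0.1", port, "GET")
    finally:
        server.shutdown()
        server.server_close()
```

Calling demo(200) and demo(204) shows the same client code succeeding against both the corrected and the old HEAD behaviour.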