ACME v2 - Changing "Challenges" returned for invalid/valid authorizations

On January 2nd, 2020 we will be enabling a change in our production ACME v2 environment that will alter how the “challenges” field of authorization resources is returned to better match RFC 8555.

After Jan 2nd we will be returning the “challenges” field of authorization resources based on the description in RFC 8555 Section 7.1.4:

For pending authorizations, the challenges that the client can fulfill in order to prove possession of the identifier. For valid authorizations, the challenge that was validated. For invalid authorizations, the challenge that was attempted and failed.

Prior to this change, Let’s Encrypt’s ACME v2 API returned a full list of challenges for valid and invalid authorizations, not just the challenge that was validated or attempted and failed.

This change should have no effect on RFC 8555 compliant ACME clients. If you want to test that this change will not affect your client ahead of Jan 2nd, you can use the Staging Environment or Pebble. Both of these environments already use the correct behaviour when returning the “challenges” field of an authorization.

Thank you,

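The following is an added example, not part of the original announcement and not Let's Encrypt code. It sketches how a client can pick the relevant challenge from an authorization by status rather than by list position or length, so it behaves the same whether the server returns the full list or only the single challenge described in RFC 8555 Section 7.1.4. The function name, sample URLs, tokens and error detail are constructed for illustration.

```python
# Constructed sample data shaped like RFC 8555 authorization objects.
# URLs, tokens and the error detail are placeholders, not real server output.
def _chall(ctype, status, **extra):
    return {"type": ctype, "status": status, "token": "tok-constructed",
            "url": f"https://acme.example/chall/{ctype}", **extra}

_IDENT = {"type": "dns", "value": "www.example.org"}
PENDING = {"status": "pending", "identifier": _IDENT, "challenges": [
    _chall("http-01", "pending"), _chall("dns-01", "pending"),
    _chall("tls-alpn-01", "pending")]}
VALID = {"status": "valid", "identifier": _IDENT,
         "challenges": [_chall("dns-01", "valid")]}
INVALID = {"status": "invalid", "identifier": _IDENT, "challenges": [
    _chall("http-01", "invalid", error={
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "constructed failure detail"})]}
# The same valid authorization as a full list, to show that selecting by
# status does not depend on how many challenges the server returns.
VALID_FULL_LIST = {"status": "valid", "identifier": _IDENT, "challenges": [
    _chall("http-01", "pending"), _chall("dns-01", "valid")]}


def relevant_challenge(authz, supported=("http-01", "dns-01")):
    """Return the challenge a client should act on or report for `authz`.

    pending -> first offered challenge whose type the client supports,
               in the client's own preference order
    valid   -> the challenge that was validated
    invalid -> the challenge that was attempted and failed
    """
    status = authz["status"]
    challenges = authz.get("challenges", [])
    if status == "pending":
        by_type = {c["type"]: c for c in challenges}
        for ctype in supported:
            if ctype in by_type:
                return by_type[ctype]
        raise LookupError("server offered no challenge type this client supports")
    if status in ("valid", "invalid"):
        # Match on the challenge's own status; never assume index 0 or a
        # particular list length.
        for c in challenges:
            if c["status"] == status:
                return c
        raise LookupError(f"no challenge with status {status!r} in authorization")
    raise ValueError(f"authorization status {status!r} carries no actionable challenge")
```
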