Acmephp/core renew cert

At a high level, nothing. Presumably, you have the account information stored locally. Creating a new order is the first step in getting a certificate if you already have an account.

Depending on how long it's been since the last call to an ACME server, the first request would probably give an invalid nonce error. But I’d hope the library knows how to handle that automatically and get a new one.

2 Likes

No, information about the account is not present.
Only private key and certificate.
In order to make an order again, you need to somehow confirm that I am the owner of the account.
How should I do it?

You confirm you're the owner of the account by being able to sign your ACME protocol messages with the account's private key. That's kind of the whole point of having an account. If you (or your client) didn't save that key (not the certificate's key, the account's key), then you have to create a new account.

And while you could probably create a new account for every renewal, that's not really how things are supposed to work. And you'd be unnecessarily bloating Let's Encrypt's database.

2 Likes

I have the ability to save the account keys, public and private, through acmephp.
It turns out that for the update I need to send a request signed by these keys to the newOrder method?
Without indicating the email anywhere?


From a protocol perspective, yes. I have no clue how the newOrder method works in acmephp though.

Yes, the email address associated with the account is irrelevant when creating a new order.

2 Likes
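
The two answers above (ownership is proven by signing with the account key, and the email plays no part in a new order) can be seen in the shape of the request itself. The following is an added example, not code from the thread or from acmephp: it builds the RFC 8555 newOrder JWS locally and verifies it the way a server would. The account URL, nonce, domain and both key pairs are constructed placeholders, and no network request is made.

```javascript
// Added example: build and verify an ACME newOrder JWS locally (no network).
const crypto = require('crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// Flattened JWS for a POST made by an existing account (RFC 8555):
// "kid" names the account, the signature proves control of its key.
function signNewOrder(accountKey, kid, nonce, url, domains) {
  const protectedB64 = b64u(JSON.stringify({ alg: 'ES256', kid, nonce, url }));
  // The payload carries identifiers only; there is no contact/email field.
  const payloadB64 = b64u(JSON.stringify({
    identifiers: domains.map((value) => ({ type: 'dns', value })),
  }));
  const signature = crypto.sign('sha256',
    Buffer.from(`${protectedB64}.${payloadB64}`),
    { key: accountKey, dsaEncoding: 'ieee-p1363' }); // raw r||s for ES256
  return { protected: protectedB64, payload: payloadB64, signature: b64u(signature) };
}

// Conceptually what the server does: take the public key it stored for
// "kid" and verify the signature over "protected.payload".
function verifyJws(jws, accountPublicKey) {
  return crypto.verify('sha256',
    Buffer.from(`${jws.protected}.${jws.payload}`),
    { key: accountPublicKey, dsaEncoding: 'ieee-p1363' },
    Buffer.from(jws.signature, 'base64url'));
}

// Constructed sample values (assumptions, not taken from the thread).
const account = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const certKey = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const KID = 'https://acme.example/acct/PLACEHOLDER';   // account URL placeholder
const NONCE = 'constructed-nonce-value';               // normally from Replay-Nonce
const NEW_ORDER_URL = 'https://acme-v02.api.letsencrypt.org/acme/new-order';

const order = signNewOrder(account.privateKey, KID, NONCE, NEW_ORDER_URL, ['example.com']);
// Signing with the certificate's key instead of the account's key:
const wrongKeyOrder = signNewOrder(certKey.privateKey, KID, NONCE, NEW_ORDER_URL, ['example.com']);
// Same signature, altered payload (integrity check):
const tampered = { ...order, payload: b64u('{"identifiers":[]}') };

console.log(verifyJws(order, account.publicKey));         // true
console.log(verifyJws(wrongKeyOrder, account.publicKey)); // false
console.log(verifyJws(tampered, account.publicKey));      // false
```

A request signed with the certificate's private key fails verification against the account's public key, which is why keeping only the certificate and its key is not enough to place a new order on the old account.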

This method (newOrder) on your server.
acmephp sends only https request to the address "https://acme-v02.api.letsencrypt.org/acme/new-order".

Yes, the library is obviously going to send a request to the new order endpoint. What I meant was that I don’t know how acmephp expects you to call its newOrder method…how you pass it the account info…how you pass it the order identifiers…how it deals with nonce values…etc. That’s kind of on you as the developer who is trying to use the library.

Most of the community members here know how the protocol works. They’re not familiar with every library that has implemented that protocol and they’re all a bit different.

Here is what acmephp answered me when sending a request for a new order: "An HTTP error without ACME 400 occurred when POST requested https://acme-v02.api.letsencrypt.org/acme/new-acct."
Do I understand correctly that acmephp is working incorrectly?

That's right, I don’t understand at what stage the gag occurs, it is quite possible that the library is working incorrectly, but to understand this I should know the algorithm of actions and ask it from you.
I will not ask you about the code, only about the algorithm.

You have not provided enough information to make that determination. My gut says you did something wrong in your code rather than there being something wrong with acmephp.

Everything was decided. Thank you all for your help.

1 Like
