Adding random entries to the directory


#1

ACME is designed to be extensible by adding new JSON fields, which should be ignored by clients that do not understand them. Unfortunately, some of the earliest ACME clients were intolerant of new fields, which has made it hard to introduce new fields to objects like the one returned from the /directory/ endpoint. Taking inspiration from a Chrome TLS feature we have decided to add a key/keys to directory with randomly generated names in order to dissuade client developers from writing clients in such a way that prevents us from adding new keys in the future.

If you have been directed here because your client broke due to a unexpected key in the directory object with the URL of this thread as its value then you should open an issue on the tracker for the client you use directing the developers to this thread for more information.


/directory endpoint changes on staging
API "/directory" endpoint "meta" field addition
Unable to setup auto renewal of SSL certificate
Fail to renew or create certificates from a DDNS provider, others work
Renew Certs Error
Testing Certbot
Renewal used to work but dies not anymore
Certificate is not being generated
Can't access https://acme-v01.api.letsencrypt.org/directory
DNS problem: NXDOMAIN looking up A for hostname.mydomain.tld
Http challange doesn’t operate (Invalid response… )
Certbot 0.22.0 Release with ACMEv2 and Wildcard Support
Modified certificate errors - for windows exchange server
Could not obtain directory: cURL error 6: Could not resolve host: acme-v01.api.letsencrypt.org; Name or service not known
Certificate expiration Please for help
Can't access my website via https
Certificate expiration Please for help
Sudo certbot --authenticator webroot --installer apache exit with error
ConnectionError acme-v02.api.letsencrypt.org
Last 2 days i get java.net.SocketTimeoutException: connect timed out
Can't update email address
Wonder why acme.sh loops with wget returning 2 on nonce request
Wonder why acme.sh loops with wget returning 2 on nonce request
Empty response from 'POST /acme/new-authz' with one particular cert
Deploying Boulder in Production
Could not obtain directory: cURL error 6: Could not resolve host: acme-v01.api.letsencrypt.org; Name or service not known
Failed to renew
Renew fails with error 403 on nginx reverse proxy
Renew doesn't work
Error message - renewing Lets Encrypt via Terminal
NextCloud Auto Setup - ConnectionError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory