If you are using an ACME client that returns this error it is a problem with the ACME client that should be reported to the developers to be fixed. ACME clients should be coded in such a way that they do not hardcode this URL, because it will change. The protocol supports learning the URL at registration time and that is the only approach that will work when the URL changes.
I took a look to the code of dehydrated before reporting the ‘not found’ issue, and I saw they don’t hardcode the agreement’s url:
That’s why I thought the problem was trying to get the agreement’s url from the terms’ url. But I just realized we’re using a previous version of dehydrated that doesn’t include such behavior. I’ll check whether upgrading dehydrated fixes the problem
That sounds like a likely explanation! Please report back if the problem is resolved by an update so that other Dehydrated users can find this solution too
This technique is acceptable if perhaps not optimal. I believe they implemented it before Let's Encrypt was returning the "meta" directory entry you refer to.
I don't think learning the ToS URL this way is a bug.
I confirm that upgrading to dehydrated v0.4.0+ solves the issue.
However, lua-resty-auto-ssl needs some updates to make it work with such version of dehydrated:
Thanks @fjrosmunoz - I split this topic off of the previous one that started with a complaint about acme.sh so that we can mark this one solved from the Dehydrated update.