While that’s a great technical solution, our legal folks say that if we’re actually considering the protocol agreement as a legal agreement, then we shouldn’t write code to automatically agree to agreements we may not have read.
I can understand why that would be challenging from the perspective of your legal team. My response omitted the implied step where the ToS is retreived and the text is presented to a human being to agree to. This is imperative regardless of whether the ToS string is hard-coded or not. Your code should only be “automatic” in the sense that it shouldn’t have to rely on a hardcoded agreement URL.
What email address should have received the message that @Majkl mentioned? It’s possible that we don’t have the right address signed up (maybe it just goes to the person who originally implemented our LE integration or something).
This would be the email address that was provided with your Let’s Encrypt account registration. It is an optional field and so its possible whoever set up your integration’s account did not provide it. This can be updated after the fact by many ACME clients (e.g. Certbot’s
I also think that message should be a little more explicit about saying “On this date, new automatically-generated registrations will be required to specify the new agreement’s URLs.” or something.
Agreed - there is definitely room for improvement in our process here. We will certainly try to make this communication clearer in the future. Thanks for your patience.