MDCertificateAgreement

Hi Dears,

I have one small question about the directive MDCertificateAgreement, i implemented mod_md in my server, but i saw sometimes the url in MDCertificateAgreement is changeded
For example :
old url : https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
new url : https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

Existing some place where i can see the news url? my preocupation with this in future some vhost in my conf not renew certificates with mod_md because this url is changed.

thanks for everything,
Marcelo

@marcelof, the current versions of those documents are listed here: https://letsencrypt.org/repository/

1 Like

Hi @marcelof,

We generally announce the terms-of-service change in the API Announcements forum category. Here is the post about the change on Nov 15th.

The subscriber agreement URL is only checked at the time of creating a registration. If you already have a certificate/registration it shouldn't affect renewals.

Hope that helps!

i guess one sugestion interesting would be create one path in url, so people could be follow the url and change templates automatically, for example :

https://community.letsencrypt.org/licenses

Thanks a lot,
Marcelo

@cpu Having a set of static links to the latest versions of those would be handy for automated retrieval purposes. While we’re at it, plain text copies of all of these documents would be nice. :slight_smile:

The ACME protocol already implements two separate future-proof ways to learn the current agreement URL at runtime (from the directory meta element and as part of the new-reg flow). It's an unfortunate design decision that mod_md chose to require users to specify the URL manually.

We also maintain a URL endpoint https://acme-v01.api.letsencrypt.org/terms that returns a Location header to the current agreement URL. This is Let's Encrypt specific and the ACME protocol approaches I mention above are preferable because they will work across other ACME CAs.

We don't want to have a generic "https://community.letsencrypt.org/licenses" URL that works for registration because there is a legal requirement that subscribers indicate the specific subscriber agreement they have read, understood, and agreed to.

1 Like

For the subscriber agreement, this is already implemented in the ACME protocol:

1 Like

Thanks for the info guys, I suppose we'd have to bug the mod_md devs if we want this behavior changed then.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.