While attempting to create a dns-persist-01 challenge on the staging API, I received the following.
{
  "type": "dns-persist-01",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/281943993/466329203/5pPXaw",
  "status": "pending",
  "issuer-domain-names": [
    "letsencrypt.org"
  ]
}
This seems incorrect.
Section 3.1 Challenge Object of the Internet-Draft clearly specifies (redacted irrelevant parts):
3.1. Challenge Object
The challenge object for "dns-persist-01" contains the following
fields:
* *type* (required, string): ...
* *url* (required, string): ...
* *status* (required, string): ...
* *accounturi* (required, string): A URI identifying the ACME
account requesting validation, using the identifier format
specified in [RFC8657], Section 3. This is the URI the CA expects
in the DNS record and the mechanism by which the CA communicates
alternative URIs to the client. Clients that pre-provisioned a
record using their ACME account URL ([RFC8555], Section 7.3)
SHOULD verify the value identifies the same account.
Yet the challenge I received from LE doesn't have it.
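
A client-side check for the mismatch reported above, as an added example that is not part of the original post and is not code from Let's Encrypt or the draft's authors. It tests a challenge object only against the four required fields quoted from Section 3.1. Assumptions: the function name `check_challenge`, the constructed account URL, and the use of exact string equality to decide whether `accounturi` identifies the same account.

```python
import json

# Required fields as quoted from Section 3.1 of the draft in the post above
# (the post elides other parts of the section, so this list may be partial).
REQUIRED_FIELDS = ("type", "url", "status", "accounturi")

# The challenge object exactly as posted above.
POSTED_CHALLENGE = json.loads("""
{
  "type": "dns-persist-01",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall/281943993/466329203/5pPXaw",
  "status": "pending",
  "issuer-domain-names": ["letsencrypt.org"]
}
""")

# Constructed account URL, for illustration only.
SAMPLE_ACCOUNT_URL = "https://ca.example/acme/acct/1"


def check_challenge(challenge, account_url):
    """Return a list of findings; an empty list means nothing was flagged."""
    if challenge.get("type") != "dns-persist-01":
        return ["not a dns-persist-01 challenge"]
    findings = []
    for field in REQUIRED_FIELDS:
        value = challenge.get(field)
        if not isinstance(value, str) or not value:
            findings.append(f"missing or non-string required field: {field}")
    # The draft says a client that pre-provisioned a record with its account
    # URL SHOULD verify accounturi identifies the same account. Exact string
    # equality is an assumption of this example, not a rule from the draft.
    uri = challenge.get("accounturi")
    if isinstance(uri, str) and uri and uri != account_url:
        findings.append("accounturi differs from account URL; "
                        "review any pre-provisioned DNS record")
    return findings


if __name__ == "__main__":
    for finding in check_challenge(POSTED_CHALLENGE, SAMPLE_ACCOUNT_URL):
        print(finding)
```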