I’m currently implementing an ACME client using draft-ietf-acme-acme-07 + boulder acme-divergences. Account handling works as expected. However, when trying to e.g. {"identifier":{"type":"dns","value":"foo.bar"},"resource":"new-authz"} I get always a 403 response (The requested operation is currently forbidden. Must agree to subscriber agreement before any further actions.).
Did I miss something? The account status is valid and account updates/creation contain the "terms-of-service-agreed":true property. So not sure, what else is needed.
agreement (optional, string): A URI referring to a subscriber
agreement or terms of service provided by the server (see below).
Including this field indicates the client's agreement with the
referenced terms.
It's a lot messier than in draft-04+ where you can just send the terms-of-service-agreed field. We'll be adopting that method of ToS verification for the upcoming v2 api.
Hope that helps! Apologies for the mess - I know its tough to code to a standard that is in flux when the primary server-side implementation has also been in flux alongside the standard
Ahh, that's it. Wasn't clear to me, that one has to submit it on account create/update. Thought this field was just used in the status message generated by the server. Anyway, works now and I can continue ...
