RenewalInfo endpoint

I was testing the Let's Encrypt APIs and I could not find what this API endpoint does in the RFC8555 documentation -

"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/"

Where can I find the details about this API (such as request body, why it is used etc.)?

ACME is more than RFC8555. There are various extensions (or proposed extensions) of it, for example (this and this):

The directory entry you found is one of those extensions. Its name is a hint as to what it is: It refers to this RFC draft: draft-ietf-acme-ari-01 - Automated Certificate Management Environment (ACME) Renewal Information (ARI) Extension

That RFC explains about everything there is to it.

7 Likes

This is a draft called ACME Renewal Information (ARI) that's being tested with suggestions from the server on when a client should renew. It's particularly useful for when the CA needs to revoke a certificate without the subscriber's approval (due to some sort of misissuance event) and so the client can check and find out that it needs to renew early. (It could also help the CA spread out load or deal with scheduled downtime.)

It's still a draft, and the current implementation is in part to be able to get feedback before getting finalized. (And I gave quite a bit of feedback myself earlier this year.) What's currently implemented is draft-01, though it looks like there's a draft-02 now (which I hadn't seen before) which on first glance may be addressing some of my (and others') concerns.

If you want to implement it in order to try it out and maybe even give some feedback then you're certainly welcome to. But just be aware that as it's still a draft things are likely to continue to change.

7 Likes
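Added example (not part of the original posts, and not code from Let's Encrypt or any ACME client): how a client might turn a renewalInfo response into a renewal decision, including the case described above where the CA moves the window into the past to force early renewal. The `suggestedWindow` field names follow the ARI draft and may change between draft versions; `plan_renewal`, `not_after`, `next_wake`, the 30-day fallback and the sample response are assumptions made for illustration.

```python
import json
import random
from datetime import datetime, timedelta

# Constructed sample of a renewalInfo response body (not captured from a server).
SAMPLE = '{"suggestedWindow": {"start": "2023-01-03T04:00:00Z", "end": "2023-01-07T04:00:00Z"}}'

def _ts(value):
    # RFC 3339 timestamp; map the trailing "Z" for older fromisoformat().
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def parse_window(body):
    """Return (start, end) from a response body, or None if it is unusable."""
    try:
        win = json.loads(body)["suggestedWindow"]
        start, end = _ts(win["start"]), _ts(win["end"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    # Reject naive timestamps and empty or reversed windows.
    if start.tzinfo is None or end.tzinfo is None or end <= start:
        return None
    return start, end

def plan_renewal(body, now, not_after, next_wake, rng=random):
    """Return ("now", now) or ("wait", target) for one certificate."""
    window = parse_window(body)
    if window is None:
        # Server hint unusable: fall back to a local policy (assumed here:
        # 30 days before expiry) so a bad response never blocks renewal.
        target = not_after - timedelta(days=30)
    else:
        start, end = window
        # A uniformly random point in the window spreads load on the CA.
        target = start + (end - start) * rng.random()
    if target <= now:
        return ("now", now)   # window already open or moved into the past
    if target < next_wake:
        return ("now", now)   # the next scheduled run would be too late
    return ("wait", target)
```

Treat the server's answer as a hint layered on top of the client's own expiry-based schedule, so a missing or malformed response never stops renewal.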
