Comments (4)
No worries. The Get-PAAccount -Refresh actually used to happen more frequently under the hood as a way to more gracefully prevent errors that would come up if an account had been deactivated elsewhere. But I took most of them out a while back to make things more efficient and because an annoying number of commercial CAs didn't actually support POST-as-GET requests on the account object for some dumb reason. There's actually a Set-PAServer -UseAltAccountRefresh switch to change how the module does account refreshes to use the newAcct endpoint with onlyReturnExisting as a workaround for those broken CAs.
In any case, yeah. We can close this I think.
from posh-acme.
Hah! I didn't notice the author at first when originally reviewing this thread, I'll just drop it without further comment. :)
https://community.letsencrypt.org/t/should-clients-expect-acme-server-may-drop-accounts/193503/4
from posh-acme.
Hey @jamesaepp, thanks for reaching out. As far as I can tell, there's no way to query the current value of termsOfServiceAgreed on an account. Both a standard POST-as-GET request on the account and a new account request with the onlyReturnExisting flag only return the status, public key info, contact, and some other metadata. The RFC basically says it's a write-only property on the account that is accepted during account creation. It's also explicitly ignored in an account update request.
Section 7.3.3 talks about what happens if a CA needs to change their ToS and require users to accept those changes. It basically involves the CA throwing an ACME error on subsequent requests with a URL link intended for a human to use to re-accept the ToS for that account.
From the perspective of "Is this account still sane?", I think the status field on the account should be sufficient for that purpose at least as far as the ACME protocol is concerned. You can get the current status value with Get-PAAccount -Refresh which explicitly does a POST-as-GET on the account object to check for updates (such as an account being deactivated elsewhere).
from posh-acme.
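The "is this account still sane?" decision from the comment above, as an added example that is not part of the thread or of Posh-ACME's own code: it classifies a CA's reply to an account query using the account status field and the RFC 8555 error types. The function name Get-AcmeAccountHealth and the sample replies are constructed for illustration.

```powershell
# Added example: the function name and the sample replies are constructed.
function Get-AcmeAccountHealth {
    param(
        [Parameter(Mandatory)][int]$StatusCode,
        [Parameter(Mandatory)][string]$Body
    )
    $obj = $Body | ConvertFrom-Json
    $result = [ordered]@{ Healthy = $false; Reason = $null; ActionUrl = $null }

    if ($StatusCode -ge 200 -and $StatusCode -lt 300) {
        # Account object. termsOfServiceAgreed is never echoed back, so
        # 'status' (valid, deactivated or revoked) is the only health signal.
        $result.Healthy = ($obj.status -eq 'valid')
        $result.Reason  = "account status: $($obj.status)"
    }
    else {
        # Problem document (application/problem+json); 'type' names the error.
        switch ($obj.type) {
            'urn:ietf:params:acme:error:userActionRequired' {
                # RFC 8555 section 7.3.3: the ToS changed and 'instance' is
                # the URL a human visits to re-accept them.
                $result.Reason    = 'terms of service must be re-accepted'
                $result.ActionUrl = $obj.instance
            }
            'urn:ietf:params:acme:error:accountDoesNotExist' {
                # Reply to newAccount with onlyReturnExisting and an unknown key.
                $result.Reason = 'no account exists for this key'
            }
            'urn:ietf:params:acme:error:unauthorized' {
                # Returned to requests signed by a deactivated account.
                $result.Reason = 'account key rejected (deactivated?)'
            }
            default { $result.Reason = "ACME error: $($obj.type)" }
        }
    }
    [pscustomobject]$result
}

# Constructed sample replies (status code plus JSON body).
$samples = @(
    @{ StatusCode = 200; Body = '{"status":"valid","contact":["mailto:admin@example.com"]}' }
    @{ StatusCode = 403; Body = '{"type":"urn:ietf:params:acme:error:userActionRequired","detail":"Terms of service have changed","instance":"https://ca.example/agreement?token=constructed"}' }
    @{ StatusCode = 400; Body = '{"type":"urn:ietf:params:acme:error:accountDoesNotExist","detail":"No account exists with the provided key"}' }
)
foreach ($s in $samples) { Get-AcmeAccountHealth @s }
```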
@rmbolger I totally missed the -Refresh parameter, thank you! With that parameter, I think that solves the goal I mentioned and you referenced in your last paragraph.
Not sure if we want to keep this feature request or not given your other research into the ToS and (seemingly) lack of utility with the onlyReturnExisting bool.
from posh-acme.