For the first nonce, we usually get it via GET /directory, which also
returns the urls that you need for the others (if you don't hardcode
On Mon, Feb 15, 2016 at 9:35 AM, Kaiduan Xie <kaiduanx@xxxxxxxxx> wrote:
Thanks a lot Daniel for the detailed explanation.
One question, how you get the replay-nonce for POST /acme/new-authz?
On Mon, Feb 15, 2016 at 12:26 PM, Daniel Roesler <diafygi@xxxxxxxxx> wrote:
For acme-tiny, we just run the same procedure as getting a new
certificate. You can even use the same CSR as before.
POST /acme/new-authz (request new challenges for the domain)
POST /path/to/challenge (notify of challenges met)
GET /path/to/challenge (wait for the challenge to turn valid)
...repeat as needed for multiple domains
POST /acme/new-cert (get a signed cert)
On Mon, Feb 15, 2016 at 7:00 AM, Kaiduan Xie <kaiduanx@xxxxxxxxx> wrote:
What is the protocol/procedure used under the hood to renew a
certificate? I obtained an Letsencrypt certificate on Dec of 2015 with
own client (not the Python client provided by Letsencrypt), the
is going to expire soon.
Now the following informations are available after obtaining a
1. Account RSA key pair
2. RSA key pair for Letsencrypt issued certificate
3. CSR for Letsencrypt issued certificate
4. Letsencrypt issued certificate
5. URL for Letsencrypt issued certificate
6. Domain name
Can someone elaborate the renew protocol in details? How the above
informations are used to renew a certificate?
Thanks a lot for the help,
You received this message because you are subscribed to the Google
"Let's Encrypt Client Development" group.
To unsubscribe from this group and stop receiving emails from it, send
email to client-dev+unsubscribe@xxxxxxxxxxxxxxx.
To post to this group, send email to client-dev@xxxxxxxxxxxxxxx.
To view this discussion on the web visit