Do not hard code subscriber agreement URL #130

New Issue

adam · 2025-12-29T00:25:33+01:00

adam commented

2025-12-29 00:25:33 +01:00

Originally created by @rolandshoemaker on GitHub (Aug 1, 2016).

Boulder provides the current subscriber Agreement in a Link header of the type terms-of-service in response to a valid /acme/new-reg POST request, this should be used instead of hard coding the most recent URL.

Continuing to hard code the URL will cause consistent failures for anyone trying to create a new registration whenever Let's Encrypt chooses to update their agreement.

Originally created by @rolandshoemaker on GitHub (Aug 1, 2016). Boulder provides the current subscriber Agreement in a `Link` header of the type `terms-of-service` in response to a valid `/acme/new-reg` POST request, this should be used instead of hard coding the most recent URL. Continuing to hard code the URL will cause consistent failures for anyone trying to create a new registration whenever Let's Encrypt chooses to update their agreement.

adam added the enhancement label 2025-12-29 00:25:33 +01:00

adam closed this issue

2025-12-29 00:25:33 +01:00

adam commented

2025-12-29 00:25:34 +01:00

@Celti commented on GitHub (Aug 1, 2016):

AFAIK, the reason for the current “hard-coding” (it's not hard-coded, it's a variable adjustable in the config file) is that that in theory provides a fool-proof method of demonstrating you agree with the current terms of service.

I don't think it should be automatically drawn from the headers — but perhaps it would be smart for letsencrypt.sh to include logic that informs you “The terms of service have updated; here is the link to the Subscriber Agreement. Please update your configuration to agree with the new terms.”

@Celti commented on GitHub (Aug 1, 2016): AFAIK, the reason for the current “hard-coding” (it's not hard-coded, it's a variable adjustable in the config file) is that that in theory provides a fool-proof method of demonstrating you agree with the current terms of service. I don't think it should be automatically drawn from the headers — but perhaps it would be smart for letsencrypt.sh to include logic that informs you “The terms of service have updated; here is the link to the Subscriber Agreement. Please update your configuration to agree with the new terms.”

adam commented

2025-12-29 00:25:34 +01:00

@pcfreak30 commented on GitHub (Aug 3, 2016):

Just added support for this in vestacp.
You can use the following command to get the agreement url agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n') with $api being api='https://acme-v01.api.letsencrypt.org'

@pcfreak30 commented on GitHub (Aug 3, 2016): Just added support for this in vestacp. You can use the following command to get the agreement url `agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n')` with `$api` being `api='https://acme-v01.api.letsencrypt.org'`

adam commented

2025-12-29 00:25:35 +01:00

@lukas2511 commented on GitHub (Jan 29, 2017):

Closing in favor of #346, thanks for your hints.

@lukas2511 commented on GitHub (Jan 29, 2017): Closing in favor of #346, thanks for your hints.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/dehydrated#130