Request for getARI Retry-After header

[githubRover]

The retry-after response header says how soon an ACME Client should refresh getARI info.

Using this value is good practice. See this post by Aaron Gable at the LE forum: https://community.letsencrypt.org/t/what-are-you-doing-with-ari-retry-after/233048/27. It discusses revisions of the ARI draft for this.

It would be nice if your getARI call would return this value to callers.

My preference is for it to be in the returned array 'body'. To me it is like a TTL for the suggestedWindow as so should be alongside it. But any other method is fine, of course, even returning all the raw http response headers (in the body or another way).

Thanks for your consideration.

[skoerfgen]

Good point!

Originally I tried to not "pollute" the returned JSON with my own keys. That's why getARI uses the ugly pass by reference for the ari_cert_id. But now i diverted from this and added the ari_cert_id and the retry_after to the returned array.

Example response:

Array
(
    [suggestedWindow] => Array
        (
            [start] => 1738681414
            [end] => 1738854214
        )

    [retry_after] => 21600
    [ari_cert_id] => kydGmAOpUWiOmNbEQkjbI79YlNI.BMenOjYawCtnvb1q8hAoWxzH
)

You'll find the new code here: https://github.com/skoerfgen/ACMECert/tree/ari_dev

[githubRover]

Yeah, I understand wanting to keep the "purity" of the object. It is an abstraction layer so now abstracts away the http along with
ACME details :)

Looks good to me. Good idea to put cert-id in the returned object now too.

Cheers

[githubRover]

Oh, you carried over a typo from the draft RFC into your README

on the their checking interval.

No one has reported it against the RFC yet but probably will

[skoerfgen]

Thanks again!

ACMECert v3.5.0 has been released!