summaryrefslogtreecommitdiffstats
path: root/vendor/golang.org/x/crypto/acme/acme.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/golang.org/x/crypto/acme/acme.go')
-rw-r--r--vendor/golang.org/x/crypto/acme/acme.go9
1 files changed, 8 insertions, 1 deletions
diff --git a/vendor/golang.org/x/crypto/acme/acme.go b/vendor/golang.org/x/crypto/acme/acme.go
index fa9c4b39e..1f4fb69ed 100644
--- a/vendor/golang.org/x/crypto/acme/acme.go
+++ b/vendor/golang.org/x/crypto/acme/acme.go
@@ -400,7 +400,7 @@ func (c *Client) RevokeAuthorization(ctx context.Context, url string) error {
// WaitAuthorization polls an authorization at the given URL
// until it is in one of the final states, StatusValid or StatusInvalid,
-// or the context is done.
+// the ACME CA responded with a 4xx error code, or the context is done.
//
// It returns a non-nil Authorization only if its Status is StatusValid.
// In all other cases WaitAuthorization returns an error.
@@ -412,6 +412,13 @@ func (c *Client) WaitAuthorization(ctx context.Context, url string) (*Authorizat
if err != nil {
return nil, err
}
+ if res.StatusCode >= 400 && res.StatusCode <= 499 {
+ // Non-retriable error. For instance, Let's Encrypt may return 404 Not Found
+ // when requesting an expired authorization.
+ defer res.Body.Close()
+ return nil, responseError(res)
+ }
+
retry := res.Header.Get("Retry-After")
if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusAccepted {
res.Body.Close()
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-08-18 00:49:30 +0000