From fe96e94e067ecfd9ab5c4a2776a540eb84ec35eb Mon Sep 17 00:00:00 2001
From: Valters Jansons
Date: Mon, 29 Jul 2019 12:38:56 +0300
Subject: [PATCH] Handle unnaceptable nonce values

---
 node.js | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/node.js b/node.js
index d7e4442..fa00c1b 100644
--- a/node.js
+++ b/node.js
@@ -1001,6 +1001,18 @@ ACME._finalizeOrder = function(me, options, validatedDomains) {
 );
 }
 
+ // The documented ACME error code is "urn:ietf:params:acme:error:badNonce"
+ // however some servers historically have done their variations, so just check `:badnonce`.
+ // https://tools.ietf.org/html/rfc8555#section-6.5
+ if (resp.body.type.toLowerCase().endsWith(':badnonce')) {
+ if (me.debug) {
+ console.debug('[acme-v2] Nonce value unacceptable; retrying with a new nonce');
+ }
+
+ // `me._nonce` has been reset earlier in this function, so just call `poll` again.
+ return pollCert();
+ }
+
 return Promise.reject(
 new Error(
 "Didn't finalize order: Unhandled status '" +
@@ -1176,6 +1188,18 @@ ACME._getCertificate = function(me, options) {
 //if (me.debug) console.debug('[DEBUG] finalize:', me._finalize); return;
 
 if (!me._authorizations) {
+ // The documented ACME error code is "urn:ietf:params:acme:error:badNonce"
+ // however some servers historically have done their variations, so just check `:badnonce`.
+ // https://tools.ietf.org/html/rfc8555#section-6.5
+ if (resp.body.type.toLowerCase().endsWith(':badnonce')) {
+ if (me.debug) {
+ console.debug('[acme-v2] Nonce value unacceptable; retrying with a new nonce');
+ }
+
+ // `me._nonce` has been reset earlier in this function, so just call `get` again.
+ return ACME._getCertificate(me, options);
+ }
+
 return Promise.reject(
 new Error(
 "[acme-v2.js] authorizations were not fetched for '" +
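Review bot: `resp.body.type.toLowerCase()` in the added check throws a TypeError whenever the response body has no string `type`. The check sits directly in front of the "Unhandled status" rejection, which is presumably where order objects with an unexpected `status` and no problem-document `type` arrive, so the TypeError would replace the descriptive error that the fall-through builds. Guard the field first: `if (typeof resp.body.type === 'string' && resp.body.type.toLowerCase().endsWith(':badnonce')) {`. The identical check added in the `ACME._getCertificate` hunk needs the same guard. The enclosing function starts and ends outside the hunk, so the exact shape of `resp.body` at this point is inferred rather than visible.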
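Review bot: The retry `return ACME._getCertificate(me, options);` has no attempt limit, and it re-enters the function from the top instead of repeating only the rejected request. A faulty or hostile server that keeps answering badNonce therefore keeps the client requesting indefinitely. If the part of the function outside this hunk submits a new order, each pass may also count against the CA's rate limits. Cap the retries and let the existing `Promise.reject` run once the cap is hit, for example `me._badNonceRetries = (me._badNonceRetries || 0) + 1;` then `if (me._badNonceRetries <= 3) { return ACME._getCertificate(me, options); }`, where the counter name is made up for this note and should be cleared on success. `pollCert()` in the first hunk wants the same cap. The comment's claim that `me._nonce` was already reset cannot be confirmed from the lines shown and is worth checking, since a retry with the stale nonce would fail the same way.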