ACMEOW v1.1.3

miichoow released this 20 May 08:08
· 8 commits to main since this release

Release Date: May 20, 2026

Version: v1.1.3

Commit: bae3a0b

Production-grade ACME protocol client library for Python.


What's New

Automatic badNonce Retry (RFC 8555 §6.5)

ACME servers may reject any signed request with a 400 badNonce error when a nonce
has expired or was already consumed. The HTTP client now detects this condition and
automatically retries the request with the fresh nonce the server returns in the
Replay-Nonce header — fully transparent to callers.

# No change required — retry is handled internally
with AcmeClient(...) as client:
    client.new_order(["example.com"])
    client.complete_challenges()
    client.finalize_order()
    cert_pem, key_pem = client.get_certificate()

Behaviour details:

  • Only triggers on 400 responses whose type field contains badNonce
  • Bounded by the existing max_retries limit; once exhausted, AcmeServerError is raised as usual
  • A WARNING log is emitted on each badNonce retry for observability (POST <url>: badNonce on attempt N/M, retrying with fresh nonce)
  • The fresh nonce is cached by _update_nonce at the point the 400 is received, so the retry picks it up automatically
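
The retry behaviour listed above, as an added sketch that is not ACMEOW's own code: `FakeAcmeServer` and `RetryingClient` are hypothetical names, the server is a constructed in-memory stand-in, and `max_retries` is assumed to count total attempts.

```python
import logging
import secrets

log = logging.getLogger("badnonce_demo")
BAD_NONCE = "urn:ietf:params:acme:error:badNonce"  # error type from RFC 8555


class FakeAcmeServer:
    """Constructed stand-in for an ACME server; each nonce is valid once."""

    def __init__(self):
        self.valid = set()

    def issue_nonce(self):
        nonce = secrets.token_urlsafe(16)
        self.valid.add(nonce)
        return nonce

    def post(self, url, nonce):
        # Every response, errors included, carries a fresh Replay-Nonce.
        headers = {"Replay-Nonce": self.issue_nonce()}
        if nonce not in self.valid:
            return 400, headers, {"type": BAD_NONCE, "detail": "stale nonce"}
        self.valid.discard(nonce)  # consume: a replayed request is rejected
        return 200, headers, {"status": "ok"}


class RetryingClient:
    """Hypothetical client for illustration, not ACMEOW's implementation."""

    def __init__(self, server, max_retries=3):  # assumed: total attempts
        self.server, self.max_retries = server, max_retries
        self.nonce = server.issue_nonce()
        self.attempts = 0

    def post(self, url):
        for attempt in range(1, self.max_retries + 1):
            self.attempts += 1
            # A real client rebuilds and re-signs the JWS here, because the
            # nonce sits in the protected header.
            status, headers, body = self.server.post(url, self.nonce)
            self.nonce = headers["Replay-Nonce"]  # cache before checking status
            retryable = status == 400 and BAD_NONCE in body.get("type", "")
            if retryable and attempt < self.max_retries:
                log.warning("POST %s: badNonce on attempt %d/%d, retrying "
                            "with fresh nonce", url, attempt, self.max_retries)
                continue
            if status >= 400:
                raise RuntimeError(f"{status} {body.get('type')}")
            return body
```

Other 400 responses are raised on the first attempt, so the retry cannot mask a malformed or unauthorized request.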

Installation

pip install acmeow
pip install acmeow[dns-route53]  # AWS Route53
pip install acmeow[all]          # All optional dependencies

Requirements

  • Python 3.10+
  • cryptography >= 41.0.0
  • requests >= 2.31.0
  • requests[socks] >= 2.31.0

Testing & Quality Metrics

  • 433+ tests passing
  • One-shot simulate_bad_nonce mock added to test infrastructure (conftest.py)
  • Tested on Python 3.10, 3.11, 3.12, 3.13
  • Cross-platform support (Linux, macOS, Windows)

License

Apache License 2.0