diff --git a/changelogs/fragments/525-acme-no-nonce.yml b/changelogs/fragments/525-acme-no-nonce.yml
new file mode 100644
index 000000000..253cfa9fc
--- /dev/null
+++ b/changelogs/fragments/525-acme-no-nonce.yml
@@ -0,0 +1,2 @@
+minor_changes:
+ - "acme_* modules - handle more gracefully if CA's new nonce call does not return a nonce (https://github.com/ansible-collections/community.crypto/pull/525)."
diff --git a/plugins/module_utils/acme/acme.py b/plugins/module_utils/acme/acme.py
index b0f64454b..38ce3dec2 100644
--- a/plugins/module_utils/acme/acme.py
+++ b/plugins/module_utils/acme/acme.py
@@ -140,7 +140,14 @@ def get_nonce(self, resource=None):
 continue
 if info['status'] not in (200, 204):
 raise NetworkException("Failed to get replay-nonce, got status {0}".format(format_http_status(info['status'])))
- return info['replay-nonce']
+ if 'replay-nonce' in info:
+ return info['replay-nonce']
+ self.module.log(
+ 'HEAD to {0} did return status {1}, but no replay-nonce header!'.format(url, format_http_status(info['status'])))
+ if retry_count >= 5:
+ raise ACMEProtocolException(
+ self.module, msg='Was not able to obtain nonce, giving up after 5 retries', info=info, response=response)
+ retry_count += 1
 
 
 class ACMEClient(object):
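Review bot: The new guard `if 'replay-nonce' in info:` only tests that the header is present, so an empty or malformed value is still returned as a nonce. RFC 8555 §6.5.1 tells clients to ignore invalid Replay-Nonce values, so `if info.get('replay-nonce'):` would at least route an empty header into the retry path. Separately, the give-up branch passes `response=response`, but no binding of `response` is visible in this hunk (get_nonce starts above it). If the fetch result is bound under another name, that branch would raise NameError instead of ACMEProtocolException, which is worth confirming. The retry is also immediate, and the limit `5` is hard-coded in both the condition and the message; a named constant and a short pause between attempts would avoid back-to-back HEAD requests to the CA.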