docs: update reference ACME ARI RFC 9773 in place of the draft

README.md

@@ -16,7 +16,7 @@ Let's Encrypt client and ACME library written in Go.
 - ACME v2 [RFC 8555](https://www.rfc-editor.org/rfc/rfc8555.html)
   - Support [RFC 8737](https://www.rfc-editor.org/rfc/rfc8737.html): TLS Application‑Layer Protocol Negotiation (ALPN) Challenge Extension
   - Support [RFC 8738](https://www.rfc-editor.org/rfc/rfc8738.html): certificates for IP addresses
-  - Support [draft-ietf-acme-ari-03](https://datatracker.ietf.org/doc/draft-ietf-acme-ari/): Renewal Information (ARI) Extension
+  - Support [RFC 9773](https://www.rfc-editor.org/rfc/rfc9773.html): Renewal Information (ARI) Extension
   - Support [draft-aaron-acme-profiles-00](https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/): Profiles Extension
 - Comes with about [150 DNS providers](https://go-acme.github.io/lego/dns)
 - Register with CA

acme/api/order.go

@@ -23,7 +23,7 @@ type OrderOptions struct {
 
 	// A string uniquely identifying a previously-issued certificate which this
 	// order is intended to replace.
-	// - https://datatracker.ietf.org/doc/html/draft-ietf-acme-ari-03#section-5
+	// - https://www.rfc-editor.org/rfc/rfc9773.html#section-5
 	ReplacesCertID string
 }
 
@@ -77,7 +77,7 @@ func (o *OrderService) NewWithOptions(domains []string, opts *OrderOptions) (acm
 
 		// If the Server rejects the request because the identified certificate has already been marked as replaced,
 		// it MUST return an HTTP 409 (Conflict) with a problem document of type "alreadyReplaced" (see Section 7.4).
-		// https://datatracker.ietf.org/doc/html/draft-ietf-acme-ari-08#section-5
+		// https://www.rfc-editor.org/rfc/rfc9773.html#section-5
 		orderReq.Replaces = ""
 
 		resp, err = o.core.post(o.core.GetDirectory().NewOrderURL, orderReq, &order)

acme/api/renewal.go

@@ -14,7 +14,7 @@ var ErrNoARI = errors.New("renewalInfo[get/post]: server does not advertise a re
 // Note: this endpoint is part of a draft specification, not all ACME servers will implement it.
 // This method will return api.ErrNoARI if the server does not advertise a renewal info endpoint.
 //
-// https://datatracker.ietf.org/doc/draft-ietf-acme-ari
+// https://www.rfc-editor.org/rfc/rfc9773.html
 func (c *CertificateService) GetRenewalInfo(certID string) (*http.Response, error) {
 	if c.core.GetDirectory().RenewalInfo == "" {
 		return nil, ErrNoARI

acme/commons.go

@@ -38,7 +38,7 @@ const (
 
 // Directory the ACME directory object.
 // - https://www.rfc-editor.org/rfc/rfc8555.html#section-7.1.1
-// - https://datatracker.ietf.org/doc/draft-ietf-acme-ari/
+// - https://www.rfc-editor.org/rfc/rfc9773.html
 type Directory struct {
 	NewNonceURL   string `json:"newNonce"`
 	NewAccountURL string `json:"newAccount"`
@@ -196,7 +196,7 @@ type Order struct {
 	// replaces (optional, string):
 	// replaces (string, optional): A string uniquely identifying a
 	// previously-issued certificate which this order is intended to replace.
-	// - https://datatracker.ietf.org/doc/html/draft-ietf-acme-ari-03#section-5
+	// - https://www.rfc-editor.org/rfc/rfc9773.html#section-5
 	Replaces string `json:"replaces,omitempty"`
 }
 
@@ -349,7 +349,7 @@ type Window struct {
 }
 
 // RenewalInfoResponse is the response to GET requests made the renewalInfo endpoint.
-// - (4.1. Getting Renewal Information) https://datatracker.ietf.org/doc/draft-ietf-acme-ari/
+// - (4.1. Getting Renewal Information) https://www.rfc-editor.org/rfc/rfc9773.html
 type RenewalInfoResponse struct {
 	// SuggestedWindow contains two fields, start and end,
 	// whose values are timestamps which bound the window of time in which the CA recommends renewing the certificate.
@@ -362,11 +362,11 @@ type RenewalInfoResponse struct {
 }
 
 // RenewalInfoUpdateRequest is the JWS payload for POST requests made to the renewalInfo endpoint.
-// - (4.2. RenewalInfo Objects) https://datatracker.ietf.org/doc/html/draft-ietf-acme-ari-03#section-4.2
+// - (4.2. RenewalInfo Objects) https://www.rfc-editor.org/rfc/rfc9773.html#section-4.2
 type RenewalInfoUpdateRequest struct {
 	// CertID is a composite string in the format: base64url(AKI) || '.' || base64url(Serial), where AKI is the
 	// certificate's authority key identifier and Serial is the certificate's serial number. For details, see:
-	// https://datatracker.ietf.org/doc/html/draft-ietf-acme-ari-03#section-4.1
+	// https://www.rfc-editor.org/rfc/rfc9773.html#section-4.1
 	CertID string `json:"certID"`
 	// Replaced is required and indicates whether or not the client considers the certificate to have been replaced.
 	// A certificate is considered replaced when its revocation would not disrupt any ongoing services,

acme/errors.go

@@ -60,7 +60,7 @@ type NonceError struct {
 
 // AlreadyReplacedError represents the error which is returned
 // If the Server rejects the request because the identified certificate has already been marked as replaced.
-// - https://datatracker.ietf.org/doc/html/draft-ietf-acme-ari-08#section-5
+// - https://www.rfc-editor.org/rfc/rfc9773.html#section-5
 type AlreadyReplacedError struct {
 	*ProblemDetails
 }

certificate/certificates.go

@@ -84,7 +84,7 @@ type ObtainRequest struct {
 
 	// A string uniquely identifying a previously-issued certificate which this
 	// order is intended to replace.
-	// - https://datatracker.ietf.org/doc/html/draft-ietf-acme-ari-03#section-5
+	// - https://www.rfc-editor.org/rfc/rfc9773.html#section-5
 	ReplacesCertID string
 }
 
@@ -113,7 +113,7 @@ type ObtainForCSRRequest struct {
 
 	// A string uniquely identifying a previously-issued certificate which this
 	// order is intended to replace.
-	// - https://datatracker.ietf.org/doc/html/draft-ietf-acme-ari-03#section-5
+	// - https://www.rfc-editor.org/rfc/rfc9773.html#section-5
 	ReplacesCertID string
 }
 

certificate/renewal.go

@@ -25,15 +25,15 @@ type RenewalInfoResponse struct {
 	// RetryAfter header indicating the polling interval that the ACME server recommends.
 	// Conforming clients SHOULD query the renewalInfo URL again after the RetryAfter period has passed,
 	// as the server may provide a different suggestedWindow.
-	// https://datatracker.ietf.org/doc/html/draft-ietf-acme-ari-03#section-4.2
+	// https://www.rfc-editor.org/rfc/rfc9773.html#section-4.2
 	RetryAfter time.Duration
 }
 
 // ShouldRenewAt determines the optimal renewal time based on the current time (UTC),renewal window suggest by ARI, and the client's willingness to sleep.
 // It returns a pointer to a time.Time value indicating when the renewal should be attempted or nil if deferred until the next normal wake time.
-// This method implements the RECOMMENDED algorithm described in draft-ietf-acme-ari.
+// This method implements the RECOMMENDED algorithm described in RFC 9773.
 //
-// - (4.1-11. Getting Renewal Information) https://datatracker.ietf.org/doc/draft-ietf-acme-ari/
+// - (4.1-11. Getting Renewal Information) https://www.rfc-editor.org/rfc/rfc9773.html
 func (r *RenewalInfoResponse) ShouldRenewAt(now time.Time, willingToSleep time.Duration) *time.Time {
 	// Explicitly convert all times to UTC.
 	now = now.UTC()
@@ -71,7 +71,7 @@ func (r *RenewalInfoResponse) ShouldRenewAt(now time.Time, willingToSleep time.D
 // Note: this endpoint is part of a draft specification, not all ACME servers will implement it.
 // This method will return api.ErrNoARI if the server does not advertise a renewal info endpoint.
 //
-// https://datatracker.ietf.org/doc/draft-ietf-acme-ari
+// https://www.rfc-editor.org/rfc/rfc9773.html
 func (c *Certifier) GetRenewalInfo(req RenewalInfoRequest) (*RenewalInfoResponse, error) {
 	certID, err := MakeARICertID(req.Cert)
 	if err != nil {
@@ -100,7 +100,7 @@ func (c *Certifier) GetRenewalInfo(req RenewalInfoRequest) (*RenewalInfoResponse
 	return &info, nil
 }
 
-// MakeARICertID constructs a certificate identifier as described in draft-ietf-acme-ari-03, section 4.1.
+// MakeARICertID constructs a certificate identifier as described in RFC 9773, section 4.1.
 func MakeARICertID(leaf *x509.Certificate) (string, error) {
 	if leaf == nil {
 		return "", errors.New("leaf certificate is nil")

cmd/cmd_renew.go

@@ -58,7 +58,7 @@ func createRenew() *cli.Command {
 			},
 			&cli.BoolFlag{
 				Name:  flgARIDisable,
-				Usage: "Do not use the renewalInfo endpoint (draft-ietf-acme-ari) to check if a certificate should be renewed.",
+				Usage: "Do not use the renewalInfo endpoint (RFC9773) to check if a certificate should be renewed.",
 			},
 			&cli.DurationFlag{
 				Name:  flgARIWaitToRenewDuration,

docs/content/_index.md

@@ -12,7 +12,7 @@ Let's Encrypt client and ACME library written in Go.
 - ACME v2 [RFC 8555](https://www.rfc-editor.org/rfc/rfc8555.html)
   - Support [RFC 8737](https://www.rfc-editor.org/rfc/rfc8737.html): TLS Application‑Layer Protocol Negotiation (ALPN) Challenge Extension
   - Support [RFC 8738](https://www.rfc-editor.org/rfc/rfc8738.html): issues certificates for IP addresses
-  - Support [draft-ietf-acme-ari-03](https://datatracker.ietf.org/doc/draft-ietf-acme-ari/): Renewal Information (ARI) Extension
+  - Support [RFC 9773](https://www.rfc-editor.org/rfc/rfc9773.html): Renewal Information (ARI) Extension
   - Support [draft-aaron-acme-profiles-00](https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/): Profiles Extension
 - Comes with about [150 DNS providers]({{% ref "dns" %}})
 - Register with CA

docs/data/zz_cli_help.toml

@@ -93,7 +93,7 @@ USAGE:
 
 OPTIONS:
    --days value                              The number of days left on a certificate to renew it. (default: 30)
-   --ari-disable                             Do not use the renewalInfo endpoint (draft-ietf-acme-ari) to check if a certificate should be renewed. (default: false)
+   --ari-disable                             Do not use the renewalInfo endpoint (RFC9773) to check if a certificate should be renewed. (default: false)
    --ari-wait-to-renew-duration value        The maximum duration you're willing to sleep for a renewal time returned by the renewalInfo endpoint. (default: 0s)
    --reuse-key                               Used to indicate you want to reuse your current private key for the new certificate. (default: false)
    --no-bundle                               Do not create a certificate bundle by adding the issuers certificate to the new certificate. (default: false)