r/registration: add 401 to the list of unauthorized codes

Add 401 to the list of unauthorized error codes for determining if the registration is gone during refresh or delete of the registration. We've received reports that ZeroSSL returns this on unauthorized (versus 403), and it is semantically correct, so this should be fine, especially since we still validate on the URN of the error type anyway. Fixes #396.
vancluever · Jun 6, 2024 · 06ff3a4 · 06ff3a4
1 parent 8addd9b
commit 06ff3a4
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/acme/resource_acme_registration.go b/acme/resource_acme_registration.go
@@ -132,6 +132,15 @@ func regGone(err error) bool {
 		// is set to true.
 		return true
 
+	case e.HTTPStatus == 401 && e.Type == "urn:ietf:params:acme:error:unauthorized":
+		// Usually happens when the account has been deactivated. The URN
+		// is a bit general for my liking, but it should be fine given
+		// the specific nature of the request this error would be
+		// returned for.
+		//
+		// Note that some registries return 401 here versus 403.
+		return true
+
 	case e.HTTPStatus == 403 && e.Type == "urn:ietf:params:acme:error:unauthorized":
 		// Usually happens when the account has been deactivated. The URN
 		// is a bit general for my liking, but it should be fine given