Replay-Nonce

The HTTP Replay-Nonce response header, defined in RFC 8555 (ACME), carries a fresh, single-use nonce from an ACME server. The client must place that value in the JWS protected header of its next request, so a captured request cannot be replayed against the server.

Usage

The Automatic Certificate Management Environment (ACME) protocol automates certificate issuance and renewal between clients and certificate authorities. Every ACME request that carries a body is a POST whose body is a JSON Web Signature (JWS). To prevent an attacker from capturing a validly signed message and submitting it again, ACME requires the protected header of each such JWS to carry a fresh nonce in its nonce field.

The Replay-Nonce header delivers this nonce from server to client. The server must include the header in every successful response to a POST request and should include it in error responses as well. Each nonce is a server-generated value with enough entropy to be unpredictable, and unique with high probability.

Clients obtain their first nonce from the newNonce resource listed in the directory: a HEAD request returns 200 OK with an empty body and a Replay-Nonce header (a GET returns 204 No Content with the same header). After that, the client takes the nonce from the most recent server response and embeds it in the protected header of its next JWS. The server checks that the nonce is one it previously issued and has not yet been used, then treats it as consumed: once used, the nonce is invalid in exactly the same way as a value the server never issued, so a client that sends several requests in parallel needs a separate nonce for each.

When a server rejects a request because its nonce is missing, unknown or already used, the response carries HTTP 400 Bad Request with a problem document of type urn:ietf:params:acme:error:badNonce, and must include a fresh nonce in the Replay-Nonce header. The client retries the same request with that new nonce; the rejected request itself is not retried with the old value.

Values

The header value is an octet string encoded with base64url (the alphabet of RFC 7515 section 2, without padding characters); which bytes the server encodes is implementation-specific. Clients treat the decoded content as an opaque token and never parse or interpret it, but they must ignore a Replay-Nonce value that is not valid base64url. The server is responsible for generating values that are unpredictable and unique.
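The nonce exchange described under Usage and the value check described above, as an added example that is not part of this page or of any ACME implementation: a toy server that issues nonces, accepts each one exactly once and answers a replayed message with badNonce plus a fresh nonce, and a toy client that keeps the latest well-formed Replay-Nonce, ignores malformed ones and retries once on badNonce. JWS signatures are omitted (the "alg": "ES256" entry is only a label and nothing is verified), and the server URLs and account identifier are hypothetical.

```python
import base64
import json
import re
import secrets

# Error type for a missing, unknown or already-used nonce (RFC 8555 section 6.7).
BAD_NONCE = "urn:ietf:params:acme:error:badNonce"

# Replay-Nonce values are base64url without padding (RFC 7515 section 2 alphabet).
_B64URL = re.compile(r"^[A-Za-z0-9_-]+$")


def is_valid_nonce_value(value):
    """True if value is a well-formed Replay-Nonce; clients must ignore anything else."""
    return isinstance(value, str) and _B64URL.match(value) is not None


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class NonceStore:
    """Server-side book-keeping: every issued nonce is accepted at most once."""

    def __init__(self):
        self._issued = set()

    def issue(self):
        # 128 random bits -> 22 base64url characters, the same shape as the RFC 8555 sample.
        nonce = b64url(secrets.token_bytes(16))
        self._issued.add(nonce)
        return nonce

    def consume(self, nonce):
        # Valid only if this server issued it and it is unused; afterwards it is
        # treated exactly like a value that was never issued.
        if nonce in self._issued:
            self._issued.discard(nonce)
            return True
        return False


class AcmeServerSim:
    """Toy ACME server modelling only the nonce rules; signatures are not verified."""

    def __init__(self):
        self.nonces = NonceStore()

    def head_new_nonce(self):
        # HEAD on the newNonce resource: 200 OK, empty body, Replay-Nonce header.
        return 200, {"Replay-Nonce": self.nonces.issue(), "Cache-Control": "no-store"}, b""

    def post(self, url, jws):
        protected = json.loads(b64url_decode(jws["protected"]))
        # Every response to a POST, success or badNonce error, carries a fresh nonce.
        headers = {"Replay-Nonce": self.nonces.issue(), "Cache-Control": "no-store"}
        nonce = protected.get("nonce")
        if not isinstance(nonce, str) or not self.nonces.consume(nonce):
            headers["Content-Type"] = "application/problem+json"
            problem = {"type": BAD_NONCE, "detail": "JWS has an invalid anti-replay nonce"}
            return 400, headers, json.dumps(problem).encode()
        return 200, headers, json.dumps({"status": "ok", "url": url}).encode()


class AcmeClientSim:
    """Toy client: remembers the last Replay-Nonce and sends it in the next protected header."""

    def __init__(self, server, kid):
        self.server, self.kid, self.nonce = server, kid, None

    def _take_nonce(self, headers):
        value = headers.get("Replay-Nonce")
        if is_valid_nonce_value(value):  # malformed values are ignored, as RFC 8555 requires
            self.nonce = value

    def build_jws(self, url, payload):
        if self.nonce is None:
            self._take_nonce(self.server.head_new_nonce()[1])
        protected = {"alg": "ES256", "kid": self.kid, "nonce": self.nonce, "url": url}
        self.nonce = None  # a nonce is sent once and never reused
        return {"protected": b64url(json.dumps(protected, separators=(",", ":")).encode()),
                "payload": b64url(json.dumps(payload, separators=(",", ":")).encode()),
                "signature": b64url(b"signature omitted in this simulation")}

    def post(self, url, payload, retries=1):
        status, headers, body = self.server.post(url, self.build_jws(url, payload))
        self._take_nonce(headers)
        # badNonce: retry once, using the fresh nonce the error response carried.
        if status == 400 and json.loads(body).get("type") == BAD_NONCE and retries > 0:
            return self.post(url, payload, retries - 1)
        return status, headers, body


ORDER_URL = "https://acme.example.test/acme/new-order"  # hypothetical endpoint
ACCOUNT = "https://acme.example.test/acme/acct/1"        # hypothetical account URL


def replay_demo():
    """Send one request, then replay the captured message unchanged."""
    server = AcmeServerSim()
    jws = AcmeClientSim(server, ACCOUNT).build_jws(ORDER_URL, {"identifiers": []})
    first_status = server.post(ORDER_URL, jws)[0]
    replay_status, headers, body = server.post(ORDER_URL, jws)
    return first_status, replay_status, json.loads(body)["type"], is_valid_nonce_value(headers["Replay-Nonce"])


def stale_nonce_demo():
    """A client holding a nonce this server never issued recovers through the badNonce retry."""
    client = AcmeClientSim(AcmeServerSim(), ACCOUNT)
    client.nonce = "oFvnlFP1wIhRlYS2jTaXbA"  # well-formed, but unknown to this server
    return client.post(ORDER_URL, {})[0]


if __name__ == "__main__":
    print(replay_demo())       # (200, 400, 'urn:ietf:params:acme:error:badNonce', True)
    print(stale_nonce_demo())  # 200
```

The server issues the fresh nonce before deciding whether to reject, so the error and success paths share one header-building step; the client clears its stored nonce the moment it is placed in a protected header, which is what stops two concurrent requests from accidentally sharing one value.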

Example

An ACME server response providing a nonce for the next client request; the value shown is the sample used in RFC 8555. The client copies this exact string into the nonce field of the JWS protected header when submitting its next ACME message.

Replay-Nonce: oFvnlFP1wIhRlYS2jTaXbA

A fresh nonce provided after a nonce validation failure. The server responds with status 400 and a problem document of type urn:ietf:params:acme:error:badNonce, but the response still carries a new nonce, which the client uses to retry the failed request.

Replay-Nonce: 8Xk9mN2pQrLvBsFwTnYcHg

Takeaway

The Replay-Nonce header carries a single-use, base64url-encoded nonce from an ACME server to the client. Because every signed request must carry the most recently issued nonce and each nonce is accepted only once, a captured request cannot be replayed, and a badNonce error always supplies the nonce needed to retry.

Last updated: March 6, 2026