Update IETF links

CHANGELOG.md

@@ -55,13 +55,13 @@
 
 ## v4.2.0 (2022-01-06)
 
-* `added` Support for external account binding - [RFC 8555 Section 7.3.4](https://tools.ietf.org/html/rfc8555#section-7.3.4)
+* `added` Support for external account binding - [RFC 8555 Section 7.3.4](https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.4)
 * `added` Ability to pass through custom logger function
 * `changed` Increase default `backoffAttempts` to 10
 * `fixed` Deactivate authorizations where challenges can not be completed
 * `fixed` Attempt authoritative name servers when verifying `dns-01` challenges
 * `fixed` Error verbosity when failing to read ACME directory
-* `fixed` Correctly recognize `ready` and `processing` states - [RFC 8555 Section 7.1.6](https://tools.ietf.org/html/rfc8555#section-7.1.6)
+* `fixed` Correctly recognize `ready` and `processing` states - [RFC 8555 Section 7.1.6](https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.6)
 
 ## v4.1.4 (2021-12-23)
 
@@ -111,7 +111,7 @@
 ## v3.3.0 (2019-12-19)
 
 * `added` TypeScript definitions
-* `fixed` Allow missing ACME directory meta field - [RFC 8555 Section 7.1.1](https://tools.ietf.org/html/rfc8555#section-7.1.1)
+* `fixed` Allow missing ACME directory meta field - [RFC 8555 Section 7.1.1](https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1)
 
 ## v3.2.1 (2019-11-14)
 
@@ -122,10 +122,10 @@
 * `added` More extensive testing using [letsencrypt/pebble](https://github.com/letsencrypt/pebble)
 * `changed` When creating a CSR, `commonName` no longer defaults to `'localhost'`
     * This change is not considered breaking since `commonName: 'localhost'` will result in an error when ordering a certificate
-* `fixed` Retry signed API requests on `urn:ietf:params:acme:error:badNonce` - [RFC 8555 Section 6.5](https://tools.ietf.org/html/rfc8555#section-6.5)
+* `fixed` Retry signed API requests on `urn:ietf:params:acme:error:badNonce` - [RFC 8555 Section 6.5](https://datatracker.ietf.org/doc/html/rfc8555#section-6.5)
 * `fixed` Minor bugs related to `POST-as-GET` when calling `updateAccount()`
 * `fixed` Ensure subject common name is present in SAN when creating a CSR - [CAB v1.2.3 Section 9.2.2](https://cabforum.org/wp-content/uploads/BRv1.2.3.pdf)
-* `fixed` Send empty JSON body when responding to challenges - [RFC 8555 Section 7.5.1](https://tools.ietf.org/html/rfc8555#section-7.5.1)
+* `fixed` Send empty JSON body when responding to challenges - [RFC 8555 Section 7.5.1](https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1)
 
 ## v2.3.1 (2019-08-26)
 
@@ -134,8 +134,8 @@
 
 ## v3.1.0 (2019-08-21)
 
-* `added` UTF-8 support when generating a CSR subject using forge - [RFC 5280](https://tools.ietf.org/html/rfc5280)
-* `fixed` Implement `POST-as-GET` for all ACME API requests - [RFC 8555 Section 6.3](https://tools.ietf.org/html/rfc8555#section-6.3)
+* `added` UTF-8 support when generating a CSR subject using forge - [RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280)
+* `fixed` Implement `POST-as-GET` for all ACME API requests - [RFC 8555 Section 6.3](https://datatracker.ietf.org/doc/html/rfc8555#section-6.3)
 
 ## v2.3.0 (2019-08-21)
 
@@ -172,7 +172,7 @@
 
 ## v2.0.1 (2018-08-17)
 
-* `fixed` Key rollover in compliance with [draft-ietf-acme-13](https://tools.ietf.org/html/draft-ietf-acme-acme-13)
+* `fixed` Key rollover in compliance with [draft-ietf-acme-13](https://datatracker.ietf.org/doc/html/draft-ietf-acme-acme-13)
 
 ## v2.0.0 (2018-04-02)
 

README.md

@@ -4,7 +4,7 @@
 
 This module is written to handle communication with a Boulder/Let's Encrypt-style ACME API.
 
-* RFC 8555 - Automatic Certificate Management Environment (ACME): [https://tools.ietf.org/html/rfc8555](https://tools.ietf.org/html/rfc8555)
+* RFC 8555 - Automatic Certificate Management Environment (ACME): [https://datatracker.ietf.org/doc/html/rfc8555](https://datatracker.ietf.org/doc/html/rfc8555)
 * Boulder divergences from ACME: [https://github.com/letsencrypt/boulder/blob/master/docs/acme-divergences.md](https://github.com/letsencrypt/boulder/blob/master/docs/acme-divergences.md)
 
 ## Compatibility
@@ -67,7 +67,7 @@ acme.directory.zerossl.production;
 
 ### External account binding
 
-To enable [external account binding](https://tools.ietf.org/html/rfc8555#section-7.3.4) when creating your ACME account, provide your KID and HMAC key to the client constructor.
+To enable [external account binding](https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.4) when creating your ACME account, provide your KID and HMAC key to the client constructor.
 
 ```js
 const client = new acme.Client({

src/api.js

@@ -82,7 +82,7 @@ class AcmeApi {
     /**
      * Get Terms of Service URL if available
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.1.1
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1
      *
      * @returns {Promise<string|null>} ToS URL
      */
@@ -95,7 +95,7 @@ class AcmeApi {
     /**
      * Create new account
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.3
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3
      *
      * @param {object} data Request payload
      * @returns {Promise<object>} HTTP response
@@ -119,7 +119,7 @@ class AcmeApi {
     /**
      * Update account
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.3.2
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.2
      *
      * @param {object} data Request payload
      * @returns {Promise<object>} HTTP response
@@ -133,7 +133,7 @@ class AcmeApi {
     /**
      * Update account key
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.3.5
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.5
      *
      * @param {object} data Request payload
      * @returns {Promise<object>} HTTP response
@@ -147,7 +147,7 @@ class AcmeApi {
     /**
      * Create new order
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.4
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
      *
      * @param {object} data Request payload
      * @returns {Promise<object>} HTTP response
@@ -161,7 +161,7 @@ class AcmeApi {
     /**
      * Get order
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.4
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
      *
      * @param {string} url Order URL
      * @returns {Promise<object>} HTTP response
@@ -175,7 +175,7 @@ class AcmeApi {
     /**
      * Finalize order
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.4
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
      *
      * @param {string} url Finalization URL
      * @param {object} data Request payload
@@ -190,7 +190,7 @@ class AcmeApi {
     /**
      * Get identifier authorization
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.5
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5
      *
      * @param {string} url Authorization URL
      * @returns {Promise<object>} HTTP response
@@ -204,7 +204,7 @@ class AcmeApi {
     /**
      * Update identifier authorization
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.5.2
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.2
      *
      * @param {string} url Authorization URL
      * @param {object} data Request payload
@@ -219,7 +219,7 @@ class AcmeApi {
     /**
      * Complete challenge
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.5.1
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1
      *
      * @param {string} url Challenge URL
      * @param {object} data Request payload
@@ -234,7 +234,7 @@ class AcmeApi {
     /**
      * Revoke certificate
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.6
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.6
      *
      * @param {object} data Request payload
      * @returns {Promise<object>} HTTP response

src/client.js

@@ -154,7 +154,7 @@ class AcmeClient {
     /**
      * Create a new account
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.3
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3
      *
      * @param {object} [data] Request data
      * @returns {Promise<object>} Account
@@ -200,7 +200,7 @@ class AcmeClient {
     /**
      * Update existing account
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.3.2
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.2
      *
      * @param {object} [data] Request data
      * @returns {Promise<object>} Account
@@ -240,7 +240,7 @@ class AcmeClient {
     /**
      * Update account private key
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.3.5
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.5
      *
      * @param {buffer|string} newAccountKey New PEM encoded private key
      * @param {object} [data] Additional request data
@@ -286,7 +286,7 @@ class AcmeClient {
     /**
      * Create a new order
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.4
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
      *
      * @param {object} data Request data
      * @returns {Promise<object>} Order
@@ -318,7 +318,7 @@ class AcmeClient {
     /**
      * Refresh order object from CA
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.4
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
      *
      * @param {object} order Order object
      * @returns {Promise<object>} Order
@@ -345,7 +345,7 @@ class AcmeClient {
     /**
      * Finalize order
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.4
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4
      *
      * @param {object} order Order object
      * @param {buffer|string} csr PEM encoded Certificate Signing Request
@@ -380,7 +380,7 @@ class AcmeClient {
     /**
      * Get identifier authorizations from order
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.5
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5
      *
      * @param {object} order Order
      * @returns {Promise<object[]>} Authorizations
@@ -410,7 +410,7 @@ class AcmeClient {
     /**
      * Deactivate identifier authorization
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.5.2
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.2
      *
      * @param {object} authz Identifier authorization
      * @returns {Promise<object>} Authorization
@@ -442,7 +442,7 @@ class AcmeClient {
     /**
      * Get key authorization for ACME challenge
      *
-     * https://tools.ietf.org/html/rfc8555#section-8.1
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-8.1
      *
      * @param {object} challenge Challenge object returned by API
      * @returns {Promise<string>} Key authorization
@@ -462,17 +462,17 @@ class AcmeClient {
         const thumbprint = keysum.digest('base64url');
         const result = `${challenge.token}.${thumbprint}`;
 
-        /* https://tools.ietf.org/html/rfc8555#section-8.3 */
+        /* https://datatracker.ietf.org/doc/html/rfc8555#section-8.3 */
         if (challenge.type === 'http-01') {
             return result;
         }
 
-        /* https://tools.ietf.org/html/rfc8555#section-8.4 */
+        /* https://datatracker.ietf.org/doc/html/rfc8555#section-8.4 */
         if (challenge.type === 'dns-01') {
             return createHash('sha256').update(result).digest('base64url');
         }
 
-        /* https://tools.ietf.org/html/rfc8737 */
+        /* https://datatracker.ietf.org/doc/html/rfc8737 */
         if (challenge.type === 'tls-alpn-01') {
             return result;
         }
@@ -519,7 +519,7 @@ class AcmeClient {
     /**
      * Notify CA that challenge has been completed
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.5.1
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1
      *
      * @param {object} challenge Challenge object returned by API
      * @returns {Promise<object>} Challenge
@@ -540,7 +540,7 @@ class AcmeClient {
     /**
      * Wait for ACME provider to verify status on a order, authorization or challenge
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.5.1
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.1
      *
      * @param {object} item An order, authorization or challenge object
      * @returns {Promise<object>} Valid order, authorization or challenge
@@ -597,7 +597,7 @@ class AcmeClient {
     /**
      * Get certificate from ACME order
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.4.2
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.4.2
      *
      * @param {object} order Order object
      * @param {string} [preferredChain] Indicate which certificate chain is preferred if a CA offers multiple, by exact issuer common name, default: `null`
@@ -644,7 +644,7 @@ class AcmeClient {
     /**
      * Revoke certificate
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.6
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.6
      *
      * @param {buffer|string} cert PEM encoded certificate
      * @param {object} [data] Additional request data

src/crypto/forge.js

@@ -281,7 +281,7 @@ exports.readCertificateInfo = async function(cert) {
 
 /**
  * Determine ASN.1 type for CSR subject short name
- * Note: https://tools.ietf.org/html/rfc5280
+ * Note: https://datatracker.ietf.org/doc/html/rfc5280
  *
  * @private
  * @param {string} shortName CSR subject short name

src/crypto/index.js

@@ -350,7 +350,7 @@ exports.readCertificateInfo = (certPem) => {
 /**
  * Determine ASN.1 character string type for CSR subject field name
  *
- * https://tools.ietf.org/html/rfc5280
+ * https://datatracker.ietf.org/doc/html/rfc5280
  * https://github.com/PeculiarVentures/x509/blob/ecf78224fd594abbc2fa83c41565d79874f88e00/src/name.ts#L65-L71
  *
  * @private
@@ -517,7 +517,7 @@ exports.createCsr = async (data, keyPem = null) => {
 /**
  * Create a self-signed ALPN certificate for TLS-ALPN-01 challenges
  *
- * https://tools.ietf.org/html/rfc8737
+ * https://datatracker.ietf.org/doc/html/rfc8737
  *
  * @param {object} authz Identifier authorization
  * @param {string} keyAuthorization Challenge key authorization

src/http.js

@@ -64,7 +64,7 @@ class HttpClient {
     /**
      * Ensure provider directory exists
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.1.1
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1
      *
      * @returns {Promise}
      */
@@ -104,7 +104,7 @@ class HttpClient {
     /**
      * Get nonce from directory API endpoint
      *
-     * https://tools.ietf.org/html/rfc8555#section-7.2
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-7.2
      *
      * @returns {Promise<string>} nonce
      */
@@ -267,7 +267,7 @@ class HttpClient {
     /**
      * Signed HTTP request
      *
-     * https://tools.ietf.org/html/rfc8555#section-6.2
+     * https://datatracker.ietf.org/doc/html/rfc8555#section-6.2
      *
      * @param {string} url Request URL
      * @param {object} payload Request payload
@@ -299,7 +299,7 @@ class HttpClient {
         const data = this.createSignedBody(url, payload, { nonce, kid });
         const resp = await this.request(url, 'post', { data });
 
-        /* Retry on bad nonce - https://tools.ietf.org/html/draft-ietf-acme-acme-10#section-6.4 */
+        /* Retry on bad nonce - https://datatracker.ietf.org/doc/html/draft-ietf-acme-acme-10#section-6.4 */
         if (resp.data && resp.data.type && (resp.status === 400) && (resp.data.type === 'urn:ietf:params:acme:error:badNonce') && (attempts < this.maxBadNonceRetries)) {
             nonce = resp.headers['replay-nonce'] || null;
             attempts += 1;