Reply with alreadyReplaced problem when certificate has already been replaced

oliverpool · oliverpool · commit cc7ec55598d5 · 2026-01-15T09:56:24.000+01:00
diff --git a/acme/problems.go b/acme/problems.go
@@ -25,6 +25,7 @@ const (
 	badPublicKeyErr          = errNS + "badPublicKey"
 	badSignatureAlgorithmErr = errNS + "badSignatureAlgorithm"
 	rejectedIdentifierErr    = errNS + "rejectedIdentifier"
+	alreadyReplacedErr       = errNS + "alreadyReplaced"
 )
 
 type ProblemDetails struct {
@@ -221,3 +222,11 @@ func RejectedIdentifierProblem(ident Identifier, detail string) *ProblemDetails
 		},
 	}
 }
+
+func AlreadyReplaced(detail string) *ProblemDetails {
+	return &ProblemDetails{
+		Type:       alreadyReplacedErr,
+		Detail:     detail,
+		HTTPStatus: http.StatusConflict,
+	}
+}
diff --git a/wfe/wfe.go b/wfe/wfe.go
@@ -1683,7 +1683,7 @@ func (wfe *WebFrontEndImpl) validateReplacementOrder(newOrder *core.Order) *acme
 	}
 
 	if originalOrder.IsReplaced {
-		return acme.Conflict(fmt.Sprintf("cannot indicate an order replaces certificate with serial %s, which already has a replacement order", certID.SerialHex()))
+		return acme.AlreadyReplaced(fmt.Sprintf("certificate with serial %s already has a replacement order", certID.SerialHex()))
 	}
 
 	if originalOrder.AccountID != newOrder.AccountID {

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ const (`
`25`	`25`	`badPublicKeyErr = errNS + "badPublicKey"`
`26`	`26`	`badSignatureAlgorithmErr = errNS + "badSignatureAlgorithm"`
`27`	`27`	`rejectedIdentifierErr = errNS + "rejectedIdentifier"`
	`28`	`+ alreadyReplacedErr = errNS + "alreadyReplaced"`
`28`	`29`	`)`
`29`	`30`
`30`	`31`	`type ProblemDetails struct {`
`@@ -221,3 +222,11 @@ func RejectedIdentifierProblem(ident Identifier, detail string) *ProblemDetails`
`221`	`222`	`},`
`222`	`223`	`}`
`223`	`224`	`}`
	`225`	`+`
	`226`	`+func AlreadyReplaced(detail string) *ProblemDetails {`
	`227`	`+ return &ProblemDetails{`
	`228`	`+ Type: alreadyReplacedErr,`
	`229`	`+ Detail: detail,`
	`230`	`+ HTTPStatus: http.StatusConflict,`
	`231`	`+ }`
	`232`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -1683,7 +1683,7 @@ func (wfe WebFrontEndImpl) validateReplacementOrder(newOrder core.Order) *acme`
`1683`	`1683`	`}`
`1684`	`1684`
`1685`	`1685`	`if originalOrder.IsReplaced {`
`1686`		`- return acme.Conflict(fmt.Sprintf("cannot indicate an order replaces certificate with serial %s, which already has a replacement order", certID.SerialHex()))`
	`1686`	`+ return acme.AlreadyReplaced(fmt.Sprintf("certificate with serial %s already has a replacement order", certID.SerialHex()))`
`1687`	`1687`	`}`
`1688`	`1688`
`1689`	`1689`	`if originalOrder.AccountID != newOrder.AccountID {`