Fix handling of non-existing ACME accounts with Digicert ACME endpoint (#681)

* Compatibility for DigiCert CA: also accept 404 instead of 400 for non-existing accounts.

* Add changelog fragment.

* Fix URL.

changelogs/fragments/681-acme-account.yml

@@ -0,0 +1,3 @@
+bugfixes:
+  - "acme_* modules - make account registration handling more flexible to accept 404 instead of
+     400 send by DigiCert's ACME endpoint when an account does not exist (https://github.com/ansible-collections/community.crypto/pull/681)."

plugins/module_utils/acme/account.py

@@ -118,8 +118,10 @@ class ACMEAccount(object):
             if 'location' in info:
                 self.client.set_account_uri(info['location'])
             return False, result
-        elif info['status'] == 400 and result['type'] == 'urn:ietf:params:acme:error:accountDoesNotExist' and not allow_creation:
+        elif info['status'] in (400, 404) and result['type'] == 'urn:ietf:params:acme:error:accountDoesNotExist' and not allow_creation:
             # Account does not exist (and we did not try to create it)
+            # (According to RFC 8555, Section 7.3.1, the HTTP status code MUST be 400.
+            # Unfortunately Digicert does not care and sends 404 instead.)
             return False, None
         elif info['status'] == 403 and result['type'] == 'urn:ietf:params:acme:error:unauthorized' and 'deactivated' in (result.get('detail') or ''):
             # Account has been deactivated; currently works for Pebble; has not been