From 9ba0e25bfeeb6664d7a4f0e36472c210a78c4d3b Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Wed, 2 Nov 2022 09:32:01 +0100
Subject: [PATCH] Handle new nonce call more gracefully when it does not return nonce. (#525)
---
 changelogs/fragments/525-acme-no-nonce.yml | 2 ++
 plugins/module_utils/acme/acme.py | 9 ++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/525-acme-no-nonce.yml
diff --git a/changelogs/fragments/525-acme-no-nonce.yml b/changelogs/fragments/525-acme-no-nonce.yml
new file mode 100644
index 00000000..253cfa9f
--- /dev/null
+++ b/changelogs/fragments/525-acme-no-nonce.yml
@@ -0,0 +1,2 @@
+minor_changes:
+ - "acme_* modules - handle more gracefully if CA's new nonce call does not return a nonce (https://github.com/ansible-collections/community.crypto/pull/525)."
diff --git a/plugins/module_utils/acme/acme.py b/plugins/module_utils/acme/acme.py
index b0f64454..38ce3dec 100644
--- a/plugins/module_utils/acme/acme.py
+++ b/plugins/module_utils/acme/acme.py
@@ -140,7 +140,14 @@ class ACMEDirectory(object):
 continue
 if info['status'] not in (200, 204):
 raise NetworkException("Failed to get replay-nonce, got status {0}".format(format_http_status(info['status'])))
- return info['replay-nonce']
+ if 'replay-nonce' in info:
+ return info['replay-nonce']
+ self.module.log(
+ 'HEAD to {0} did return status {1}, but no replay-nonce header!'.format(url, format_http_status(info['status'])))
+ if retry_count >= 5:
+ raise ACMEProtocolException(
+ self.module, msg='Was not able to obtain nonce, giving up after 5 retries', info=info, response=response)
+ retry_count += 1
 class ACMEClient(object):
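Review bot: The new `if 'replay-nonce' in info:` check tests only that the header key is present, so an empty or malformed value is still returned as the nonce, and the failure surfaces later as a rejected signed request instead of being retried here. RFC 8555 section 6.5.1 tells clients to ignore invalid Replay-Nonce values, so a falsy value should be handled like a missing header: `nonce = info.get('replay-nonce')` followed by `if nonce: return nonce`. The retry also appears to run with no delay and to reuse `retry_count` from the earlier `continue` path, in which case "after 5 retries" in the message may be inexact; the loop head and the rest of the function are outside this hunk, so both points need confirming there.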