From c0aef0343b7011c43695521b5744e7c491a50b1f Mon Sep 17 00:00:00 2001
From: Ryan Bolger <ryan-oss@xyto.cc>
Date: Sun, 18 Aug 2024 09:21:35 -0700
Subject: [PATCH] fix for ARI trying to replace certs that have already been
 replaced (#560)

---
 Posh-ACME/Public/New-PAOrder.ps1 | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/Posh-ACME/Public/New-PAOrder.ps1 b/Posh-ACME/Public/New-PAOrder.ps1
index a636e694..0c42c262 100644
--- a/Posh-ACME/Public/New-PAOrder.ps1
+++ b/Posh-ACME/Public/New-PAOrder.ps1
@@ -209,7 +209,22 @@ function New-PAOrder {
     # send the request
     try {
         $response = Invoke-ACME $header $payloadJson $acct -EA Stop
-    } catch { throw }
+    } catch {
+        # ACME server should send HTTP 409 Conflict status if we tried to specify
+        # a 'replaces' value that has already been replaced. So if we get that,
+        # retry the request without that field included.
+        if (409 -eq $_.Exception.Data.status) {
+            Write-Warning $_.Exception.Data.detail
+            Write-Verbose "Resubmitting new order without 'replaces' field."
+            $payload.Remove('replaces')
+            $payloadJson = $payload | ConvertTo-Json -Depth 5 -Compress
+            try {
+                $response = Invoke-ACME $header $payloadJson $acct -EA Stop
+            } catch { throw }
+        } else {
+            throw
+        }
+    }
 
     # process the response
     $order = $response.Content | ConvertFrom-Json