In the latest ACME draft 15, Let's Encrypt introduced POST-as-GET requests. It is a breaking change that is not backward compatible with previous drafts.
This put me in an uncomfortable position. While the Pebble server enforces the use of POST-as-GET, other servers, like the Let's Encrypt server, don't support it yet. For this reason, acme4j needs to support both the pre-draft-15 GET requests and the post-draft-15 POST-as-GET requests. Luckily I have found a solution that is totally transparent to the user, at least as long as no other ACME server is used.
This is how acme4j v2.4 works:
- If you connect to Boulder via an `acme://letsencrypt.org` URI, acme4j falls back to a compatibility mode that still sends GET requests. Let's Encrypt has announced a sunset date for GET requests on November 1st, 2019. You are safe to use acme4j v2.4 (and older versions) up to this date.
- If you connect to a Pebble server via an `acme://pebble` URI, the new POST-as-GET requests are used.
- If you connect to a different server implementation via `https:` URI, acme4j sends POST-as-GET requests now. This is likely going to fail at runtime, if the server you connect to does not support draft-15 yet.
- As a temporary workaround, you can add a `postasget=false` parameter to the server URI (e.g. `https://localhost:14000/dir?postasget=false`) to make acme4j enter the fallback mode and send GET requests again.
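
The selection rules above, together with what differs on the wire, as an added example (not acme4j's own code). It goes beyond the list by building the POST-as-GET body the ACME specification defines: a JWS signed with the account key whose payload is the empty string. `usesPostAsGet`, the account URL, nonce and order URL are hypothetical, constructed values; it requires Java 9 or later.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;

public class PostAsGetDemo {
    // Hypothetical helper mirroring the rules listed above; not acme4j code.
    static boolean usesPostAsGet(URI server) {
        if ("acme".equals(server.getScheme())) {
            // acme://letsencrypt.org -> GET fallback, acme://pebble -> POST-as-GET
            return !"letsencrypt.org".equals(server.getHost());
        }
        String query = server.getQuery();
        if (query != null) {
            for (String p : query.split("&")) {
                if (p.equals("postasget=false")) return false; // temporary workaround
            }
        }
        return true; // generic https: servers get POST-as-GET
    }

    static String b64url(byte[] data) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(data);
    }

    // Flattened JWS for a POST-as-GET: the payload is "" (not "{}"), so the
    // signing input is the encoded protected header followed by a single dot.
    static String postAsGetBody(KeyPair account, String kid, String nonce, String url)
            throws GeneralSecurityException {
        String header = "{\"alg\":\"ES256\",\"kid\":\"" + kid + "\",\"nonce\":\""
                + nonce + "\",\"url\":\"" + url + "\"}";
        String prot = b64url(header.getBytes(StandardCharsets.UTF_8));
        Signature sig = Signature.getInstance("SHA256withECDSAinP1363Format");
        sig.initSign(account.getPrivate());
        sig.update((prot + ".").getBytes(StandardCharsets.US_ASCII));
        return "{\"protected\":\"" + prot + "\",\"payload\":\"\",\"signature\":\""
                + b64url(sig.sign()) + "\"}";
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = gen.generateKeyPair(); // throwaway key standing in for the account key
        String order = "https://localhost:14000/order/1"; // constructed resource URL
        for (String s : new String[] {"acme://letsencrypt.org", "acme://pebble",
                "https://localhost:14000/dir", "https://localhost:14000/dir?postasget=false"}) {
            System.out.println(s + " -> " + (usesPostAsGet(URI.create(s))
                ? "POST " + postAsGetBody(kp, "https://localhost:14000/acct/1", "constructed-nonce", order)
                : "plain GET, no body"));
        }
    }
}
```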
As soon as Let's Encrypt supports POST-as-GET on their production servers, I will remove the fallback mode from acme4j again. It just clutters the code, and I also have no proper way to test it after that.
Hint: Before updating acme4j, always have a look at the migration guide. It will show you where you can expect compatibility issues.