ACME breaking change: Most GETs become POSTs

Update: Please see our API announcement about POST-as-GET support for ACME v2.

During a final round of review at IETF, ACME received some feedback that is likely to lead to a breaking change in how ACME handles GETs. Please read my summary for details:

https://mailarchive.ietf.org/arch/msg/acme/sotffSQ0OWV-qQJodLwWYWcEVKI

What this means for ACME client developers: At some point, assuming this change is made to the ACME spec, Let’s Encrypt will make available a new ACME endpoint conforming to the new version, which will be incompatible with both ACMEv1 and ACMEv2. Edit: We’ve elected to handle this change under the existing ACME v2 endpoint, not introducing a new V3 endpoint. The amount of work involved in changing most clients should be relatively small. Clients will need to change GET requests into signed POST requests.

Right now our recommendation for client developers is: If you are working on an ACMEv2 implementation, it is probably better to wait for this upcoming spec change, unless you urgently need wildcard support. Please keep an eye on the ACME mailing list.

The ACMEv2 endpoint will continue to be available. We’ll announce a sunset date after we make the ACMEv3 endpoint available (again, assuming that the IETF ACME WG proceeds with the change). Edit: We’ve elected to handle this change under the existing ACME v2 endpoint, not introducing a new V3 endpoint.

Thanks,
Jacob

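An added example, not part of the original post and not Let's Encrypt's code: what "change GET requests into signed POST requests" looks like in the form later published as POST-as-GET in RFC 8555, section 6.3, where the client POSTs a JWS whose payload is the empty string. The function names, the `acme.example` URLs, the nonce value and the throwaway ES256 key are assumptions made for illustration; a real client takes the nonce and account URL from the server.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

type JWS struct { // flattened JWS JSON serialization, sent as the POST body
	Protected string `json:"protected"`
	Payload   string `json:"payload"`
	Signature string `json:"signature"`
}

// PostAsGet signs a fetch of url. The payload is the empty string, not "{}" (RFC 8555, 6.3).
func PostAsGet(key *ecdsa.PrivateKey, kid, nonce, url string) (JWS, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "kid": kid, "nonce": nonce, "url": url})
	protected := base64.RawURLEncoding.EncodeToString(hdr)
	digest := sha256.Sum256([]byte(protected + ".")) // signing input: protected + "." + empty payload
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return JWS{}, err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...) // fixed-width R||S, not DER
	return JWS{Protected: protected, Payload: "", Signature: base64.RawURLEncoding.EncodeToString(sig)}, nil
}

// Verify is the server-side view: the signature must cover the header and an empty payload.
func Verify(pub *ecdsa.PublicKey, j JWS) bool {
	sig, err := base64.RawURLEncoding.DecodeString(j.Signature)
	if err != nil || len(sig) != 64 || j.Payload != "" {
		return false
	}
	digest := sha256.Sum256([]byte(j.Protected + "." + j.Payload))
	return ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:]))
}

func main() {
	key, _ := NewKey() // throwaway key; the kid, nonce and URLs below are constructed
	j, _ := PostAsGet(key, "https://acme.example/acct/1", "constructed-nonce", "https://acme.example/order/1")
	fmt.Printf("%+v verified=%v\n", j, Verify(&key.PublicKey, j))
}
```

Because the target URL and nonce sit in the signed protected header, the server can tie the fetch to an account and reject replays, which an unauthenticated GET cannot offer.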