Thank you for your fast reply!
Here is my order request example, which worked a few months ago, and I haven't touched this part.
"protected": {
"alg":"RS256",
"jwk":null,
"kid":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/11908841",
"nonce":"0002drZLgOjPWHJz1geOmWDkT1ff4OPUkhnCGZiH9cGo46A",
"url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"Host":null
},
"payload": {
"Location":null,"status":null,"expires":null,
"identifiers":[
{"type":"dns","value":"maks-it.com"},
{"type":"dns","value":"www.maks-it.com"},
{"type":"dns","value":"it.maks-it.com"},
{"type":"dns","value":"www.it.maks-it.com"},
{"type":"dns","value":"ru.maks-it.com"},
{"type":"dns","value":"www.ru.maks-it.com"},
{"type":"dns","value":"api.maks-it.com"},
{"type":"dns","value":"www.api.maks-it.com"}
],
"notBefore":null,
"notAfter":null,
"error":null,
"authorizations":null,
"finalize":null,
"certificate":null
},
"signature": "...."
Then I implemented POST-as-GET for the challenge request and polling:
"protected": {
"alg":"RS256",
"jwk":null,
"kid":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/11908841",
"nonce":"0001EkwwvLPMoXogD0gbEgYNftmoJ-G1c40G733h2-i7bo4",
"url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/29225161",
"Host":null
},
"payload": "",
"signature": "..."
When you spoke about:
I didn't immediately understand that you were referring to this part of the documentation:
https://tools.ietf.org/html/rfc8555#section-7.5.1
7.5.1. Responding to Challenges
To prove control of the identifier and receive authorization, the
client needs to provision the required challenge response based on
the challenge type and indicate to the server that it is ready for
the challenge validation to be attempted.
The client indicates to the server that it is ready for the challenge
validation by sending an empty JSON body ("{}") carried in a POST
request to the challenge URL (not the authorization URL).
And yes... this is not a normal POST-as-GET that I had to implement, but, as the documentation explains, I had to put an empty JSON body, by converting {} to base64 without quotes.
So my request had to be:
"protected": {
"alg":"RS256",
"jwk":null,
"kid":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/11908841",
"nonce":"0001EkwwvLPMoXogD0gbEgYNftmoJ-G1c40G733h2-i7bo4",
"url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/29225161",
"Host":null
},
"payload": Base64({}),
"signature": "..."
Now client works again!
Regards.
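
The two payload encodings contrasted in this post, POST-as-GET (empty string) versus the challenge response (base64url of `{}`), as an added example that is not part of the original post or the poster's client. The helper names, URLs and nonce are constructed placeholders, and signing the returned input with the account key (RS256) is left to the caller.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as JWS (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url: restore the padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_payload(body) -> str:
    """None means POST-as-GET: the payload field is the empty string.
    Any JSON object, including the empty one, is serialized then encoded."""
    if body is None:
        return ""
    return b64url(json.dumps(body, separators=(",", ":")).encode("utf-8"))


def build_unsigned_jws(kid: str, nonce: str, url: str, body):
    """Return (flattened JWS without signature, bytes the account key must sign)."""
    header = {"alg": "RS256", "kid": kid, "nonce": nonce, "url": url}
    protected = b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))
    payload = encode_payload(body)
    signing_input = f"{protected}.{payload}".encode("ascii")
    return {"protected": protected, "payload": payload}, signing_input


def classify(jws: dict) -> str:
    """Tell which kind of ACME request a flattened JWS body carries."""
    if jws["payload"] == "":
        return "post-as-get"
    if json.loads(b64url_decode(jws["payload"])) == {}:
        return "challenge-ready"
    return "post-with-body"


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    kid = "https://acme.example.test/acct/1"
    chall = "https://acme.example.test/chall/1"
    for body in (None, {}):
        jws, signing_input = build_unsigned_jws(kid, "constructed-nonce", chall, body)
        print(classify(jws), repr(jws["payload"]), signing_input[-5:])
```

The signing input ends in a bare `.` for POST-as-GET and in `.e30` for the challenge response, so the two requests carry different signatures even with identical protected headers.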