Hello,
I am using latest pebble from docker hub (v2.0.1) with latest acme (0.33.1).
When I try to do query_registration, the pebble server responds Use POST-as-GET to retrieve account data instead of doing an empty update. The acme client is obviously using post with empty UpdateRegistration message - and pebble is obviously rejecting it. So is this problem with pebble or with acme client?
Thanks
Hi @wmwmw, welcome to the community forum 
Can you share the Python code you wrote using the acme module? I don’t believe the problem is with Pebble. I suspect it’s either your driver code or the acme module.
directory = acme.messages.Directory(requests.get(config.ACME_DIRECTORY_URL).json())
net = acme.client.ClientNetwork(key)
acme_client = acme.client.ClientV2(directory, net)
registration = acme.messages.Registration(key=key, contact=contact)
rr_data = acme.messages.RegistrationResource(body=registration, uri=reg_uri)
rr = acme_client.query_registration(rr_data)
It works with older versions - where pebble doesnt reject empty UpdateRegistration messages.
Thanks for sharing your code 
I’m convinced the bug is in the acme module.
I think the problem is that an empty UpdateRegistration message is not a POST-as-GET request and so Pebble is rightly rejecting it.
An empty registration message will be serialized as {} in the JWS payload. A POST-as-GET request would have a null payload instead. I believe the client.query_registration function you linked to should be using self._post_as_get instead of self._send_recv_regr with an empty message.UpdateRegistration(). The latter behaviour is how Account resources were queried in older (<= draft-14) drafts of ACME. RFC 8555 specifies using POST-as-GET for this which is why Pebble rejects it.
I think this is a real bug/spec divergence in the acme module. Do you want to open an issue with the Certbot maintainers? You should get the credit for discovery 