Hello,
I am using latest pebble from docker hub (v2.0.1) with latest acme (0.33.1).
When I try to do query_registration, the pebble server responds Use POST-as-GET to retrieve account data instead of doing an empty update. The acme client is obviously using post with empty UpdateRegistration message - and pebble is obviously rejecting it. So is this problem with pebble or with acme client?
Thanks
Hi @wmwmw, welcome to the community forum 
Can you share the Python code you wrote using the acme module? I don't believe the problem is with Pebble. I suspect it's either your driver code or the acme module.
directory = acme.messages.Directory(requests.get(config.ACME_DIRECTORY_URL).json())
net = acme.client.ClientNetwork(key)
acme_client = acme.client.ClientV2(directory, net)
registration = acme.messages.Registration(key=key, contact=contact)
rr_data = acme.messages.RegistrationResource(body=registration, uri=reg_uri)
rr = acme_client.query_registration(rr_data)
It works with older versions - where pebble doesnt reject empty UpdateRegistration messages.
Thanks for sharing your code 
I'm convinced the bug is in the acme module.
I think the problem is that an empty UpdateRegistration message is not a POST-as-GET request and so Pebble is rightly rejecting it.
An empty registration message will be serialized as {} in the JWS payload. A POST-as-GET request would have a null payload instead. I believe the client.query_registration function you linked to should be using self._post_as_get instead of self._send_recv_regr with an empty message.UpdateRegistration(). The latter behaviour is how Account resources were queried in older (<= draft-14) drafts of ACME. RFC 8555 specifies using POST-as-GET for this which is why Pebble rejects it.
I think this is a real bug/spec divergence in the acme module. Do you want to open an issue with the Certbot maintainers? You should get the credit for discovery 
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.