Hello,
I am using latest pebble from docker hub (v2.0.1) with latest acme (0.33.1).
When I try to do query_registration, the pebble server responds Use POST-as-GET to retrieve account data instead of doing an empty update. The acme client is obviously using post with empty UpdateRegistration message - and pebble is obviously rejecting it. So is this problem with pebble or with acme client?
Can you share the Python code you wrote using the acme module? I don't believe the problem is with Pebble. I suspect it's either your driver code or the acme module.
Thanks for sharing your code I'm convinced the bug is in the acme module.
I think the problem is that an empty UpdateRegistration message is not a POST-as-GET request and so Pebble is rightly rejecting it.
An empty registration message will be serialized as {} in the JWS payload. A POST-as-GET request would have a null payload instead. I believe the client.query_registration function you linked to should be using self._post_as_get instead of self._send_recv_regr with an empty message.UpdateRegistration(). The latter behaviour is how Account resources were queried in older (<= draft-14) drafts of ACME. RFC 8555 specifies using POST-as-GET for this which is why Pebble rejects it.
I think this is a real bug/spec divergence in the acme module. Do you want to open an issue with the Certbot maintainers? You should get the credit for discovery