JWS POST Content-Type Header Enforcement


On Thursday, March 29th, 2018 ACMEv2 API clients will be required to send all POST requests with a Content-Type header of application/jose+json. This does not affect ACMEv1.

The latest ACME draft, draft-10, specifically requires the correct Content-Type in POST requests (See ACME draft-10, section 6.2). Let’s Encrypt and the Boulder ACME server will begin rejecting ACMEv2 POST requests that do not have the correct Content-Type starting Mar. 29th.

Please ensure your ACMEv2 compatible client is sending the correct Content-Type header before this date to avoid interruption in service. Pebble, a small testing focused ACMEv2 server, already enforces the Content-Type header and can be used to verify if your ACMEv2 client will be compatible post Mar. 29th.

Thank you,

ACME v2 Production Environment & Wildcards