Is there any update on the deprecation schedule for unauthenticated GETs on staging? The latest update to ACME v2 - Scheduled deprecation of unauthenticated resource GETs says that POST-as-GET would be required on staging from November 1, 2019. Unauthenticated GETs seem to work today.
With the privacy thing, it would suit us to keep the status quo. When providing email support, we lean on order URLs quite a bit to troubleshoot. I’d prefer not to start logging entire response bodies like Certbot does.