Boulder divergences from ACME
While Boulder attempts to implement the ACME specification (RFC 8555) as strictly as possible there are places at which we will diverge from the letter of the specification for various reasons. This document describes the difference between RFC 8555 and Boulder's implementation of ACME, informally called ACMEv2 and available at https://acme-v02.api.letsencrypt.org/directory. Boulder's implementation of ACMEv1 differs substantially from the final RFC. Documentation for Boulder's ACMEv1 support is available in acme-divergences-v1.md. A listing of RFC conformant design decisions that may differ from other ACME servers is listed in implementation_details.
Presently, Boulder diverges from the RFC 8555 ACME spec in the following ways:
We support POST-as-GET but do not yet mandate it. We plan to mandate POST-as-GET for all ACMEv2 requests in November 2020.
Boulder does not provide a
Retry-After header when a user hits a rate-limit, nor does it provide
Link headers to further documentation on rate-limiting.
invalidEmail in place of the error
Boulder does not implement the
Boulder does not supply the
orders field on account objects. We intend to
support this non-essential feature in the future. Please follow Boulder Issue
Boulder does not accept the optional
notAfter fields of a
newOrder request paylod.
Pre-authorization is an optional feature and we have no plans to implement it. V2 clients should use order based issuance without pre-authorization.
Boulder does not process
Accept headers for
Content-Type negotiation when retrieving certificates.
Boulder does not implement the ability to retry challenges or the