Text file src/github.com/letsencrypt/boulder/docs/acme-divergences.md

Documentation: github.com/letsencrypt/boulder/docs

     1# Boulder divergences from ACME
     2
     3While Boulder attempts to implement the ACME specification ([RFC 8555]) as strictly as possible there are places at which we will diverge from the letter of the specification for various reasons. This document describes the difference between [RFC 8555] and Boulder's implementation of ACME, informally called ACMEv2 and available at https://acme-v02.api.letsencrypt.org/directory. A listing of RFC conformant design decisions that may differ from other ACME servers is listed in [implementation_details](https://github.com/letsencrypt/boulder/blob/main/docs/acme-implementation_details.md).
     4
     5Presently, Boulder diverges from the [RFC 8555] ACME spec in the following ways:
     6
     7## [Section 6.3](https://tools.ietf.org/html/rfc8555#section-6.3)
     8
     9Boulder supports POST-as-GET but does not mandate it for requests
    10that simply fetch a resource (certificate, order, authorization, or challenge).
    11
    12## [Section 6.6](https://tools.ietf.org/html/rfc8555#section-6.6)
    13
    14For all rate-limits, Boulder includes a `Link` header to additional documentation on rate-limiting. Only rate-limits on `duplicate certificates` and `certificates per registered domain` are accompanied by a `Retry-After` header.
    15
    16## [Section 7.1.2](https://tools.ietf.org/html/rfc8555#section-7.1.2)
    17
    18Boulder does not supply the `orders` field on account objects. We intend to
    19support this non-essential feature in the future. Please follow Boulder Issue
    20[#3335](https://github.com/letsencrypt/boulder/issues/3335).
    21
    22## [Section 7.4](https://tools.ietf.org/html/rfc8555#section-7.4)
    23
    24Boulder does not accept the optional `notBefore` and `notAfter` fields of a
    25`newOrder` request paylod.
    26
    27## [Section 7.4.1](https://tools.ietf.org/html/rfc8555#section-7.4.1)
    28
    29Pre-authorization is an optional feature and we have no plans to implement it.
    30V2 clients should use order based issuance without pre-authorization.
    31
    32## [Section 7.4.2](https://tools.ietf.org/html/rfc8555#section-7.4.2)
    33
    34Boulder does not process `Accept` headers for `Content-Type` negotiation when retrieving certificates.
    35
    36## [Section 8.2](https://tools.ietf.org/html/rfc8555#section-8.2)
    37
    38Boulder does not implement the ability to retry challenges or the `Retry-After` header.
    39
    40[RFC 8555]: https://tools.ietf.org/html/rfc8555

View as plain text