GPIV 13 is used to handle the so called external ACME accounts, i.e. pre-registrations according to https://tools.ietf.org/html/rfc8555#section-7.3.4 GPIV 14 is used to handle the actual ACME account. https://tools.ietf.org/html/rfc8555#section-7.3 GPIV 14 is used to revoke an account from the 'server side'. Meaning that the account can no longer be used to renew or create new certificates. The actual ACME accounts are created in the client - server workflow. It is not done beforehand. That is the purpose of the Pre-registrations. To limit the service to only allow "pre-authorized" clients to create accounts and get certificates. So GPIV 14 is only used by an administrator to disable the acme account from the server side, for example if a client has gone rogue, or been decommissioned with out finalizing the workflow by revoking itself. |