diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java b/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java
index e1fd344c..cd32b88c 100644
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/connector/DefaultConnection.java
@@ -53,6 +53,7 @@ import org.shredzone.acme4j.exception.AcmeRateLimitExceededException;
 import org.shredzone.acme4j.exception.AcmeRetryAfterException;
 import org.shredzone.acme4j.exception.AcmeServerException;
 import org.shredzone.acme4j.exception.AcmeUnauthorizedException;
+import org.shredzone.acme4j.provider.pebble.Pebble;
 import org.shredzone.acme4j.util.AcmeUtils;
 import org.shredzone.acme4j.util.JSON;
 import org.shredzone.acme4j.util.JSONBuilder;
@@ -185,8 +186,11 @@ public class DefaultConnection implements Connection {
 if (session.getKeyIdentifier() != null) {
 // TODO PEBBLE: cannot process "kid" yet, send "jwk" instead
 // https://github.com/letsencrypt/pebble/issues/23
- // jws.getHeaders().setObjectHeaderValue("kid", session.getKeyIdentifier());
- jws.getHeaders().setJwkHeaderValue("jwk", jwk);
+ if (Pebble.workaround()) {
+ jws.getHeaders().setJwkHeaderValue("jwk", jwk);
+ } else {
+ jws.getHeaders().setObjectHeaderValue("kid", session.getKeyIdentifier());
+ }
 } else {
 jws.getHeaders().setJwkHeaderValue("jwk", jwk);
 }
diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/Pebble.java b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/Pebble.java
new file mode 100644
index 00000000..2eebd29e
--- /dev/null
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/Pebble.java
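Review bot: In DefaultConnection.java's `kid`/`jwk` selection, the JWS header now depends on a JVM-wide flag, so with `-Dpebble=true` every session in the process, not only one talking to a Pebble server, sends `jwk` on requests for an existing account, which a spec-conforming CA is expected to reject. Presumably the flag is meant for Pebble test runs only; if so, the decision is better scoped to the session's provider or server URI than to a global, or at minimum stated at the call site. The retained comment `// TODO PEBBLE: cannot process "kid" yet, send "jwk" instead` now sits above both branches and reads as if `jwk` were always sent; it belongs inside the `if (Pebble.workaround())` branch. The enclosing method starts and ends outside the hunk.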
@@ -0,0 +1,47 @@
+/*
+ * acme4j - Java ACME client
+ *
+ * Copyright (C) 2017 Richard "Shred" Körber
+ * http://acme4j.shredzone.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+package org.shredzone.acme4j.provider.pebble;
+
+import org.slf4j.LoggerFactory;
+
+/**
+ * Check if Pebble workarounds or strict ACME specifications are to be used.
+ *
+ * To enable the Pebble workarounds, pass {@code -Dpebble=true} to the JVM. + *
+ * Do not use this class. It will be removed.
+ */
+public final class Pebble {
+
+ private static final boolean PEBBLE = Boolean.getBoolean("pebble");
+
+ static {
+ if (PEBBLE) {
+ LoggerFactory.getLogger(Pebble.class).warn("Pebble workarounds enabled!");
+ }
+ }
+
+ private Pebble() {
+ // utility class without constructor
+ }
+
+ /**
+ * Returns {@code true} to enable Pebble workarounds, {@code false} for strict
+ * ACME specifications.
+ */
+ public static boolean workaround() {
+ return PEBBLE;
+ }
+
+}
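Review bot: `Boolean.getBoolean("pebble")` reads an un-namespaced system property once, at class initialisation, and the result switches protocol behaviour for the whole JVM; the class Javadoc should state both facts, and the key would be safer namespaced (for example under the `org.shredzone.acme4j` package prefix) so that an unrelated `-Dpebble=...` setting cannot flip it. Because `PEBBLE` is `static final`, the warning in the static block is emitted only when the class is first loaded, which deserves a one-line comment such as `// logged once, when this class is first initialised`. The sentence "Do not use this class. It will be removed." is better expressed with `@Deprecated` plus a Javadoc `@deprecated` tag, and `workaround()` lacks an `@return` tag.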
diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/PebbleAcmeProvider.java b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/PebbleAcmeProvider.java
index e8404cb4..8c9e6f50 100644
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/PebbleAcmeProvider.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/provider/pebble/PebbleAcmeProvider.java
@@ -77,7 +77,10 @@ public class PebbleAcmeProvider extends AbstractAcmeProvider {
@Override
public JSON directory(Session session, URI serverUri) throws AcmeException {
JSON json = super.directory(session, serverUri);
- return JSON.parse(json.toString().replace("\"new-reg\"", "\"new-account\""));
+ if (Pebble.workaround()) {
+ json = JSON.parse(json.toString().replace("\"new-reg\"", "\"new-account\""));
+ }
+ return json;
}
}
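Review bot: The `replace("\"new-reg\"", "\"new-account\"")` call in `directory()` operates on the serialised directory text, so it rewrites every quoted `new-reg` token whether it is a key or a string value; renaming the key on the parsed object would be more precise, if the `JSON` class offers a way to do that. The branch also carries no comment saying which Pebble behaviour it compensates for or when it can be removed; a short comment above `if (Pebble.workaround())`, ideally with a link to the upstream issue, would let a later maintainer delete it safely.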
diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java b/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
index bdbd44e3..01fbdbea 100644
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/connector/DefaultConnectionTest.java
@@ -617,8 +617,7 @@ public class DefaultConnectionTest {
expectedHeader.append("\"kid\":\"").append(keyIdentifier).append('"');
expectedHeader.append('}');
- // TODO PEBBLE: cannot process "kid" yet, send "jwk" instead
- // assertThat(header, sameJSONAs(expectedHeader.toString()));
+ assertThat(header, sameJSONAs(expectedHeader.toString()));
assertThat(claims, sameJSONAs("{\"foo\":123,\"bar\":\"a-string\"}"));
assertThat(signature, not(isEmptyOrNullString()));
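Review bot: The re-enabled `assertThat(header, sameJSONAs(expectedHeader.toString()));` passes only when the test JVM runs without `-Dpebble=true`, and nothing in this hunk covers the `jwk` branch taken when the flag is set. Since `Pebble.workaround()` returns a `static final` value read at class initialisation, a test cannot toggle it; a comment above the assertion such as `// requires the "pebble" system property to be unset` would make that dependency explicit. The enclosing test method starts and ends outside the hunk.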
diff --git a/acme4j-it/pom.xml b/acme4j-it/pom.xml
index a5c89c3f..b0ffff9d 100644
--- a/acme4j-it/pom.xml
+++ b/acme4j-it/pom.xml
@@ -124,6 +124,19 @@
+
+
+