Acme-v1 local server?


#1

Does anyone know of an ACME-v1 compliant local server that can be used for client dev, something like Pebble?

I’ve built my own around a few endpoints, but it doesn’t cover all and I’d like to fully emulate the LetsEncrypt behaviors.


#2

I’m not aware of anything as small & compact as Pebble. Your best bet is likely the Boulder quickstart.


#3

Thanks. Boulder is too big and too correct. I need to do things like Pebble’s “just validate everything!”, and then cause predicted failures. So far I’ve been building endpoints as needed by reverse-engineering the payloads and referring to the IETF spec if I have any questions or need more details.


#4

That makes sense. In a perfect world we would have time to build a Pebble for the legacy API.

Sounds like there might be an opportunity to fill a need and maybe make this its own standalone project for other ACMEv1 client devs to use :slight_smile:


#5

I’d love to if I had time. The Acme client is only a small fraction of this project, and I’m way over the budgeted time for the current sprint.

My project is open source though, so if anyone comes across this and wants to improve the Fake CA… PLEASE DO - The fake boulder server and instructions are in the “tools” directory of https://github.com/aptise/peter_sslers

The project, PeterSSLers, is an SSL Certificate Manager with built-in LetsEncrypt and OpenResty integration. Certificates and domains are stored/enrolled in a SQL database (postgres or sqlite); an OpenResty package provides a multi-tiered cache (worker-mem, shared-mem, redis) before hitting a Pyramid application that manages everything. The Pyramid app is optimized for JSON endpoints and browsing with Lynx (yes, you read that right).

It’s designed to centralize certificate management for systems with scalable nodes, domains, or both. In our case, we have a self-service whitelabeled social media product. I don’t know how many domains are pointing to our servers or which nodes in a cluster will answer them.

My acme client was buggy, so we’ve been using certbot then loading the certs into this for provisioning. I’ve been on a sprint the past few days to move everything off of certbot and onto this.


#6

I can definitely relate :slight_smile:

I love the “or how i stopped worrying and learned to love the ssl certificate” tagline :+1:

