ACMEv2 based CA services

bruncsak · January 10, 2020, 8:16am

I just got to know through the quoted post that there are other ACME based CA services than the Letsencrypt's one.
I immediately updated the code of the client that I am maintaining GitHub - bruncsak/ght-acme.sh: Get publicly trusted certificate via ACME protocol from LetsEncrypt or from BuyPass in a way that it is possible to specify the directory to bootstrap in. Now, the client is tested against buypass' staging server, and it is working (by the way, found one RFC8555 compatibility bug in their ACME server implementation: RFC8555 section 7.3.1 compliance - Questions - Buypass AS).

Is there any other ACMEv2 based certificate provider (CA) that I could test my client against?

_az · January 10, 2020, 8:30am

Have you been testing against Pebble (https://github.com/letsencrypt/pebble) already? It can bring a lot of bugs to light.

Some other implementations/implementors off the top of my head, not all free or open source:

EJBCA (https://www.ejbca.org/)
Nexus Certificate Manager (https://doc.nexusgroup.com/display/PUB/Nexus+Certificate+Manager)
Sectigo/Comodo have some RFC8555 endpoints but they might be enterprise only

bruncsak · January 10, 2020, 12:09pm

Thanks. Do you know about a running instance of pebble that I could immediately use to test my client?

cpu · January 10, 2020, 2:24pm

I don't know of any public instances. It should be easy to get one running yourself though. We publish Docker images and pre-built binaries for 64bit Linux and Windows. You shouldn't need to install Go to get it running.

bruncsak · January 13, 2020, 12:16pm

Thanks for the idea of pebble. I found a bug running it in a container. Fixed the bug:

system · February 12, 2020, 12:16pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.