I’m in the home-stretch of rewriting our certificate-manager/client and I’m trying to work out the last bits of importing Certbot LetsEncrypt accounts.
Under ACME-V1, all the resource locations were predictable. When importing an account, I could easily know the corresponding server.
Under ACME-v2, I know the following details:
The directory might be in a given location, for example:
The account resource could be anywhere, it’s most likely in a given location, but still…:
The RFC usually places directory under acme (/acme/directory), but states it could be anywhere and pebble departs from this model.
Is there any reasonable likelihood that LetsEncrypt will mount multiple ACME services/directories on the same domains?
The reason why I am asking - Certbot doesn’t save (or did not save when my accounts were created) the directory information with the accounts in /etc/letsencrypt. When importing these accounts, I’m trying to match them up with the correct provider.
Also, given this filepath:
Would I be safe to assume that Certbot is stating the ACME-v2 “directory” is
Going through the certbot code, it seems that an _account_dir_path is built off a server_path, and the “server_path” is
This would suggest to me the accounts within that file directory are correlated to the server-path directory.
I’m sorry if this is too pedantic, but I’ve been caught between writing to a spec, and reverse engineering various bits of Certbot to ensure compatibility.
This certificate system is designed for large clusters, so I’m trying to ensure everything imports correctly.
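Added example, not part of the original post and not Certbot's own code: one way an importer could recover the directory URL for each stored account from the on-disk path and cross-check it against the account URL. It assumes the layout `<accounts root>/<host>/<server path>/<account id>/regr.json`, a `uri` field in `regr.json`, and an `https` scheme; the hosts, ids and function names are constructed for the demo.

```python
import json
import tempfile
from pathlib import Path
from urllib.parse import urlsplit


def infer_directories(accounts_root):
    """Map each stored account to the ACME directory URL implied by its path.

    Assumed layout: <accounts_root>/<host>/<server path...>/<account id>/regr.json
    """
    root = Path(accounts_root)
    found = []
    for regr in sorted(root.rglob("regr.json")):
        rel = regr.relative_to(root).parts
        if len(rel) < 3:
            continue  # no server path above the account id, nothing to infer
        server_parts, account_id = rel[:-2], rel[-2]
        # The scheme is not stored in the path; https is an assumption here.
        directory_url = "https://" + "/".join(server_parts)
        try:
            data = json.loads(regr.read_text())
        except (OSError, ValueError):
            data = None  # unreadable or corrupt file: keep the row, flag it below
        account_uri = data.get("uri") if isinstance(data, dict) else None
        # Cross-check: the account URL should be served by the directory's host.
        host_ok = (isinstance(account_uri, str)
                   and urlsplit(account_uri).netloc == server_parts[0])
        found.append({"account_id": account_id, "directory_url": directory_url,
                      "account_uri": account_uri, "host_matches": host_ok})
    return found


def build_sample_tree(root):
    """Write a constructed accounts tree (made-up hosts and ids) for the demo."""
    samples = [
        ("acme.example.test/directory/aaaa1111", '{"body": {}, "uri": "https://acme.example.test/acme/acct/1"}'),
        ("pebble.example.test/dir/bbbb2222", '{"body": {}, "uri": "https://pebble.example.test/my-account/2"}'),
        ("acme.example.test/directory/cccc3333", '{"body": {}, "uri": "https://other.example.test/acme/acct/3"}'),
        ("acme.example.test/directory/dddd4444", "not json"),
    ]
    for rel, body in samples:
        account_dir = Path(root, rel)
        account_dir.mkdir(parents=True)
        (account_dir / "regr.json").write_text(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for row in infer_directories(tmp):
            print(row)
```

Rows with `host_matches` set to false are the ones to hold back for manual review before attaching the account key to a provider.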