Let's Encrypt ACME V2 API Documentation

I think the differences between draft-09 and the current (-12) are fairly cosmetic and shouldn't introduce new divergences between our implementation and the draft specification.

As a quick note: These divergences are specific to the ACME v1 API. The only two divergences for the ACME v2 API are noted at the end of the announcement post: ACME v2 Production Environment & Wildcards

Specifically:

  1. There's no pre-authorization
  2. There's no order "ready" state (soon to be fixed)
  3. There's no "orders" field on account objects.

(I should update the acme-divergences.md doc in the Boulder repo to make this clearer. Apologies!)

You're correct that we don't have a lot of "higher level" documentation about ACME. It would be great to improve that in the future.

You might find an article I wrote in the Internet Protocol Journal (http://ipj.dreamhosters.com/wp-content/uploads/2017/08/ipj20-2.pdf - Page 2 onward) about ACME back in ~June of last year somewhat helpful in this regard. Unfortunately there were fairly significant protocol changes after this was written (the order finalization process is significantly different) and so it too is not a definitive resource.

I expect much of this will be easier in the future once we've moved beyond ACME being a draft standard into it being a final RFC. It's a bit like building on sand right now :slight_smile:

3 Likes