Questions re: Removing API v2's /acme/issuer-cert endpoint

We've just posted an announcement regarding the upcoming removal of the (unused) /acme/issuer-cert endpoint from the ACME v2 API.

If you have any questions or concerns, feel free to put them here!

2 Likes

How are people verifying certificates in dev environments, just fetching the cert out of band? Slightly more difficult doing this when running tests in CI using docker. Different again if you’re not playing nice and testing directly against staging, although the root is available at a URL.

I see certbot even just ignores this https://github.com/certbot/certbot/blob/38893115572ee1bc91fcaf10669a80686795ba0b/certbot-ci/certbot_integration_tests/utils/misc.py#L323-L324

1 Like

This change doesn't have any effect on what you need to do to verify certs when testing in a dev environment or testing against staging. As always, both the end-entity cert and the intermediate which issued it will be provided when the client fetches the cert at the end of issuance. Fetching the root which issued that intermediate is a different issue, but one which has never been solved by the ACME API (as you say -- the root is available at a different static URL).

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.