Seeking advice on minimal ACME v2 client to obtain signed certificate from "Pebble" CA

dxjones · November 2, 2018, 4:14am

(1) I am trying to develop a minimal ACME v2 client (in Go) that connects to the ACME v2 “Pebble” server and obtains a signed certificate. I have read the ACME Spec, but I am having trouble translating it into working code, and making good use of existing Go packages to keep my code small.

(2) I also want to know how to disable domain validation in Pebble, or insert a “custom” validation method.

I am hoping there already exists an existing ACME v2 client in Go that provides a good illustration of a simple step-by-step approach to obtaining a signed certificate. I can see various Github repos, but it’s unclear which would be the best implementation to follow.

Any pointers or recommendations appreciated,

_az · November 2, 2018, 4:25am

https://github.com/eggsampler/acme is a v2 library and I can recommend that for learning by example

https://github.com/xenolf/lego is a fully blown ACME client that recently migrated to v2

cpu · November 2, 2018, 1:05pm

You can disable domain validation outright with Pebble by starting it after setting the environment variable PEBBLE_VA_ALWAYS_VALID=1. This will make all POSTs to challenges assume the challenge succeeded without actually doing any outbound validation requests for the domain.

system · December 2, 2018, 1:05pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ACMEv2 based CA services Client dev	5	1631	February 12, 2020
Pebble v2.3.0 released Client dev	1	1150	January 17, 2020
How can I disable TLS Client dev	3	1090	December 3, 2018
Pebble v2.2.1 released Client dev	1	633	August 28, 2019
Acme-v1 local server? Client dev	6	1245	June 22, 2018

Seeking advice on minimal ACME v2 client to obtain signed certificate from "Pebble" CA

Related topics