Seeking advice on minimal ACME v2 client to obtain signed certificate from "Pebble" CA


#1

(1) I am trying to develop a minimal ACME v2 client (in Go) that connects to the ACME v2 “Pebble” server and obtains a signed certificate. I have read the ACME Spec, but I am having trouble translating it into working code, and making good use of existing Go packages to keep my code small.

(2) I also want to know how to disable domain validation in Pebble, or insert a “custom” validation method.

I am hoping there already exists an existing ACME v2 client in Go that provides a good illustration of a simple step-by-step approach to obtaining a signed certificate. I can see various GitHub repos, but it’s unclear which would be the best implementation to follow.

Any pointers or recommendations appreciated,


#2

https://github.com/eggsampler/acme is a v2 library and I can recommend that for learning by example

https://github.com/xenolf/lego is a fully blown ACME client that recently migrated to v2


#3

You can disable domain validation outright with Pebble by starting it after setting the environment variable PEBBLE_VA_ALWAYS_VALID=1. This will make all POSTs to challenges assume the challenge succeeded without actually doing any outbound validation requests for the domain.
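
With validation switched off as described in the reply above, the part of a minimal client that remains is signing every POST as a JWS. The following is an added example, not code from any poster or from the libraries linked in the thread; it uses only the Go standard library, and the function names, nonce and URL are constructed for illustration.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)
var b64 = base64.RawURLEncoding // JWS uses unpadded base64url

func newKey() *ecdsa.PrivateKey { // ACME account key for ES256
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

// signJWS builds the flattened JWS body of a newAccount POST (RFC 8555, section 6.2); later requests replace "jwk" with "kid".
func signJWS(key *ecdsa.PrivateKey, nonce, url string, payload []byte) ([]byte, error) {
	x, y := key.X.FillBytes(make([]byte, 32)), key.Y.FillBytes(make([]byte, 32))
	jwk := map[string]string{"kty": "EC", "crv": "P-256", "x": b64.EncodeToString(x), "y": b64.EncodeToString(y)}
	hdr, _ := json.Marshal(map[string]any{"alg": "ES256", "jwk": jwk, "nonce": nonce, "url": url})
	prot, pl := b64.EncodeToString(hdr), b64.EncodeToString(payload)
	sum := sha256.Sum256([]byte(prot + "." + pl))
	r, s, err := ecdsa.Sign(rand.Reader, key, sum[:])
	if err != nil {
		return nil, err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...) // fixed-width r||s, not ASN.1 DER
	return json.Marshal(map[string]string{"protected": prot, "payload": pl, "signature": b64.EncodeToString(sig)})
}

// verifyJWS checks the signature as the server would, using the account public key.
func verifyJWS(pub *ecdsa.PublicKey, jws []byte) bool {
	var m map[string]string
	err := json.Unmarshal(jws, &m)
	sig, derr := b64.DecodeString(m["signature"])
	if err != nil || derr != nil || len(sig) != 64 {
		return false
	}
	sum := sha256.Sum256([]byte(m["protected"] + "." + m["payload"]))
	return ecdsa.Verify(pub, sum[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:]))
}

func main() {
	key := newKey()
	jws, _ := signJWS(key, "constructed-nonce", "https://pebble.example/new-acct", []byte(`{"termsOfServiceAgreed":true}`)) // constructed values
	fmt.Println(string(jws), verifyJWS(&key.PublicKey, jws))
}
```

In a real exchange the nonce comes from the server's Replay-Nonce header and the URL from its directory object, and the body is sent with Content-Type application/jose+json.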