Hello, Why does ACME use CSRs, rather than having the client submit the relevant details as part of the API? It would seem a lot simpler—and just as useful?—to submit a public key and domain names directly. Thank you!

Yes, CSRs are signed by the private key which corresponds to the public key embedded in the CSR (and which will then be embedded in the final certificate as well). Yes, Let's Encrypt verifies that the signature on the CSR is valid. But, this does not prove that the client/applicant controls that p…

Why does ACME use CSRs?

Issuance Tech

FGasper January 3, 2023, 4:52pm 7

@Osiris All that does, though, is verify that the public key’s private is the one that signed the CSR. That doesn’t mean that that private is anything “special”, right?

Topic		Replies	Views
Some questions about acme-v1 Client dev	8	2008	June 17, 2018
ACME use one key pair in "account key pair" to create multiple CSR domain to CA Let's Encrypt? Issuance Tech	5	4695	February 16, 2016
Signing an existing hosted certificate Issuance Policy	4	2792	August 28, 2015
I wrote a Let's Encrypt certificate agent Client dev	5	1556	October 24, 2016
Understanding RFC8555 authorization Client dev	4	618	July 31, 2023

Why does ACME use CSRs?

Related topics