Would be nice to have statistics for usage of different clients


#1

Currently, there’s no information on the adoption rate of different ACME clients. Adding a chart of the prevalence of different User-Agent headers seen in calls to the ACME API would be a nice statistic to add to the statistics page.

The code generating the statistics page doesn’t appear to be published, so I don’t know how difficult this would be.

This information would also have a small operational advantage: knowing what clients, and what client versions, are in use allows decisions to better be made whenever breaking changes are made to the ACME protocol. Although rare, the ACME protocol has yet to be finalised and there has already been a transition from the “simpleHttp” and “dvsni” challenge types to http-01 and tls-sni-01, so such changes are not unprecedented.


#2

This is not possible since the protocol does not enforce client name nor check it.
There is only an hint in the http header if supported by the client and not using the acme reference User-Agent.


#3

Publishing user-agent statistics is totally possible, even if it’s not officially in the specification. It doesn’t have to be enforced to have statistics.


#4

It’s an interesting idea; I can see the usefulness of it.

The statistics page is generated from the Boulder database data several times a day. The DB doesn’t contain user-agents; those are in the logs. In a lot of ways it’s far easier to produce user-agent charts, but it’s a different process.

Automating this would be a task for another day, but I’ll pull together a quick chart for you.


#5

Here’s the dataset for the top 100 user agents against acme-v01.api.letsencrypt.org in the last 12 hours, give or take. The “-” entry is for clients that did not provide a user agent header.

Dataset here:


#6

Wow, thanks. I deduplicated some of the version numbers:

 0.02%  203     python-requests
 0.02%  234     Go-http-client/1.1 (linux; amd64) xenolf-acme Caddy/0.8
 0.02%  262     Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)
 0.04%  380     Amp\x5CArtax/1.0.0-dev (PHP)
 0.06%  673     acmetool
 0.12%  1210    ACME cyon.ch/0.1
 0.33%  3450    curl
 0.38%  3962    ACMEdotNET (ACME 1.0)
 0.64%  6756    simp_le/0
 0.88%  9259    Python-urllib
 1.03%  10792   Faraday v0.9.2
 2.17%  22750   acme-python
 2.34%  24507   Go-http-client/1.1
 2.66%  27881   LiveConfig
 7.39%  77436   -
18.20%  190800  LetsEncryptPythonClient
63.69%  667546  Go 1.1 package http

#7

Any updates for new stats?


#8

+1, this would be very interesting to see.


#9

There is this graph on EFF site:


3 million issued certs and almost 2 million unexpired certificates
#10

nice @Nit thanks for heads up


#11

Could we get an update on this? Maybe even regular on https://letsencrypt.org/stats/?


#12

indeed, I am also curious too :slight_smile:


#13

I also like to have an update.