OpenBSD Journal

acme-client(1) moves to Let's Encrypt v02 API

Contributed by rueda on from the wiley-coyote-and-acme-rockets-go-meep-meep dept.

Florian Obser (florian@) has committed the changes required to move acme-client(1) in -current to the RFC 8555 protocol used by the Let's Encrypt v02 API:

Module name:	src
Changes by:	2019/06/07 02:07:52

Modified files:
	usr.sbin/acme-client: acctproc.c acme-client.1 certproc.c 
	                      extern.h http.c http.h json.c main.c 

Log message:
Implement RFC 8555 "Automatic Certificate Management Environment
(ACME)" to be able to talk to the v02 Let's Encrypt API.

With this acme-client(1) will no longer be able to talk to the v01
API. Users must change the api url in /etc/acme-client.conf to
Existing accounts (and certs of course) stay valid and after the url
change acme-client will be able to renew certs.

Tested by Renaud Allard and benno
Input & OK benno

Let's Encrypt has already announced its "End of Life Plan for ACMEv1".

(Comments are closed)

  1. By Matt (DaMattster) on

    Does this mean that this new version of acme-client will support wildcard certificates?

    1. By Alen Mistric (alenmeister) on

      Indeed it does! Been waiting for this, finally. Big ups to florian@

      1. By Matt (DaMattster) on


      2. By Renaud Allard (renaud) on

        No, it does not support wildcard certs yet, you need to use the DNS API for that and no code is in there yet.

        But it now supports ECDSA account and domain keys.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]