Contributed by rueda on from the wiley-coyote-and-acme-rockets-go-meep-meep dept.
Florian Obser (florian@
) has
committed
the changes required to move
acme-client(1)
in -current to the
RFC 8555
protocol used by the
Let's Encrypt v02 API:
CVSROOT: /cvs Module name: src Changes by: florian@cvs.openbsd.org 2019/06/07 02:07:52 Modified files: usr.sbin/acme-client: acctproc.c acme-client.1 certproc.c extern.h http.c http.h json.c main.c netproc.c Log message: Implement RFC 8555 "Automatic Certificate Management Environment (ACME)" to be able to talk to the v02 Let's Encrypt API. With this acme-client(1) will no longer be able to talk to the v01 API. Users must change the api url in /etc/acme-client.conf to https://acme-v02.api.letsencrypt.org/directory Existing accounts (and certs of course) stay valid and after the url change acme-client will be able to renew certs. Tested by Renaud Allard and benno Input & OK benno
Let's Encrypt has already announced its "End of Life Plan for ACMEv1".
(Comments are closed)
By Matt (DaMattster) on
Does this mean that this new version of acme-client will support wildcard certificates?
Comments
By Alen Mistric (alenmeister) alen@mistric.no on
Indeed it does! Been waiting for this, finally. Big ups to florian@
Comments
By Matt (DaMattster) matt.schwartz01@gmail.com on
Soweeeeet!
By Renaud Allard (renaud) renaud@allard.it on
No, it does not support wildcard certs yet, you need to use the DNS API for that and no code is in there yet.
But it now supports ECDSA account and domain keys.