4. ACME Package for ACME v2 coming

ACME Package for ACME v2 coming

  • Rebel Alliance Developer Netgate

    I am working on getting the ACME package ready for the launch of ACME v2 later this month. I have synchronized the code in the devel branch for 2.4.3 snapshots but not for other versions yet. It won't show up until the next snapshot run. Look for ACME package version 0.2.0.1.

    For users of existing certificates, not much will change, but it's good to make sure existing certificates still renew properly, and that new certificates on the v1 servers work as expected.

    You cannot create a trusted wildcard certificate yet because Let's Encrypt does not have production ACME v2 servers online until later this month. The staging server is up, and you can use those to ensure that your validation is working properly for when the production servers go live.

    Updates include

    • acme.sh updated to support ACME v2
    • Wildcard domain support
        * EXPERIMENTAL!! This requires ACME v2 and ONLY the staging server is online right now. Use for testing only.
    • ACME v2 server URLs added to Account Key options
        * EXPERIMENTAL!! ONLY the staging server is online right now. Use for testing only. Let's Encrypt is launching this service for production use later this month.
    • E-Mail Address support added to Account Key options (Let's Encrypt – NOT this package -- will send you an e-mail if your certificate is expiring and hasn't been renewed)
    • Misc bug fixes

    New Providers:

    • AutoDNS (InternetX)
    • Azure (Microsoft)
    • Namesilo
    • Selectel

    Providers with updates/bug fixes:

    • AWS
    • Cloudflare
    • INWX
    • ISPConfig
    • OVH
    • Yandex

    Creating a Wildcard certificate

    Wildcard certificates require ACME v2 and a DNS-based validation method. They cannot be used with other modes (e.g. standalone, webroot, webroot ftp, haproxy integration, etc).

    To make a wildcard certificate, you must validate for the base domain of the wildcard. For example: To make a wildcard certificate for "*.example.com", you must be able to update the TXT record for _acme-challenge.example.com. A common practice is to setup a certificate that contains example.com and *.example.com domains and use the same update method for both.

    Special note for nsupdate/RFC2136: Set the Key Name to example.com in this case

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy