Netgate Discussion Forum
    ACME Package for ACME v2 coming

      Posted by jimp (Rebel Alliance Developer, Netgate):

      I am working on getting the ACME package ready for the launch of ACME v2 later this month. I have synchronized the code in the devel branch for 2.4.3 snapshots but not for other versions yet. It won't show up until the next snapshot run. Look for ACME package version 0.2.0.1.

      For users of existing certificates, not much will change, but it's good to make sure existing certificates still renew properly, and that new certificates on the v1 servers work as expected.

      You cannot create a trusted wildcard certificate yet because Let's Encrypt does not have production ACME v2 servers online until later this month. The staging server is up, and you can use those to ensure that your validation is working properly for when the production servers go live.


      Updates include

      • acme.sh updated to support ACME v2
      • Wildcard domain support
          * EXPERIMENTAL!! This requires ACME v2 and ONLY the staging server is online right now. Use for testing only.
      • ACME v2 server URLs added to Account Key options
          * EXPERIMENTAL!! ONLY the staging server is online right now. Use for testing only. Let's Encrypt is launching this service for production use later this month.
      • E-Mail Address support added to Account Key options (Let's Encrypt, NOT this package, will send you an e-mail if your certificate is expiring and hasn't been renewed)
      • Misc bug fixes

      New Providers:

      • AutoDNS (InternetX)
      • Azure (Microsoft)
      • Namesilo
      • Selectel

      Providers with updates/bug fixes:

      • AWS
      • Cloudflare
      • INWX
      • ISPConfig
      • OVH
      • Yandex

      Creating a Wildcard certificate

      Wildcard certificates require ACME v2 and a DNS-based validation method. They cannot be used with other modes (e.g. standalone, webroot, webroot ftp, haproxy integration, etc).

      To make a wildcard certificate, you must validate for the base domain of the wildcard. For example: To make a wildcard certificate for "*.example.com", you must be able to update the TXT record for _acme-challenge.example.com. A common practice is to set up a certificate that contains the example.com and *.example.com domains and use the same update method for both.

      Special note for nsupdate/RFC2136: Set the Key Name to example.com in this case

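The wildcard rule in the post above (the TXT record for "*.example.com" lives at _acme-challenge.example.com, the same name the base domain uses), shown as an added Python example. This is not code from the pfSense ACME package or from acme.sh: it derives the DNS-01 record name per RFC 8555 section 8.4, the RFC 7638 thumbprint of the account key, and the TXT value for each challenge, then groups an order's records by DNS name so you can see what a DNS update method has to write before the production v2 servers are used. The EC key coordinates and challenge tokens are constructed placeholders, not real values.

```python
import base64
import hashlib
import json
from collections import defaultdict

# Members that go into the RFC 7638 thumbprint, per key type.
THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME (RFC 8555) uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def dns01_record_name(identifier: str) -> str:
    """DNS name that must carry the TXT record for this identifier.

    RFC 8555 section 8.4 strips the "*." label before prefixing
    "_acme-challenge.", so "*.example.com" and "example.com" are both
    validated at "_acme-challenge.example.com".
    """
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base}"


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the required members.

    Canonical form = required members only, keys sorted, no whitespace; extra
    members such as "use" or "alg" are ignored, and dict order does not matter.
    """
    members = THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """TXT value = base64url(SHA-256(keyAuthorization)), keyAuthorization = token '.' thumbprint."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def plan_dns01(tokens_by_identifier: dict, account_jwk: dict) -> dict:
    """Group the TXT records an order needs by the DNS name they belong at.

    Returns {record_name: [(identifier, txt_value), ...]}. A name with more
    than one entry means several TXT records must coexist at that name, so
    the update method has to add a record rather than replace the record set.
    """
    thumb = jwk_thumbprint(account_jwk)
    plan = defaultdict(list)
    for identifier, token in tokens_by_identifier.items():
        plan[dns01_record_name(identifier)].append(
            (identifier, dns01_txt_value(token, thumb)))
    return dict(plan)


# Constructed sample input: placeholder EC coordinates and challenge tokens,
# not a real account key and not tokens issued by any ACME server.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "placeholder-x-coordinate", "y": "placeholder-y-coordinate"}
SAMPLE_TOKENS = {"example.com": "constructed-token-A",
                 "*.example.com": "constructed-token-B"}

if __name__ == "__main__":
    # Print the records in zone-file form; both land on the same owner name.
    for name, entries in plan_dns01(SAMPLE_TOKENS, SAMPLE_JWK).items():
        for identifier, value in entries:
            print(f'{name}. IN TXT "{value}"   ; validates {identifier}')
```

Because both identifiers resolve to the same owner name, the DNS hook (whether a provider API or the nsupdate/RFC2136 method mentioned in the post) must be able to leave two TXT records in place at _acme-challenge.example.com at once; a method that overwrites the existing record set would pass one validation and fail the other, which is exactly the kind of problem the staging server lets you catch before the production v2 endpoints are used.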
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.