Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    ACME Package for ACME v2 coming

    ACME
    1
    1
    2843
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimp
      jimp Rebel Alliance Developer Netgate last edited by

      I am working on getting the ACME package ready for the launch of ACME v2 later this month. I have synchronized the code in the devel branch for 2.4.3 snapshots but not for other versions yet. It won't show up until the next snapshot run. Look for ACME package version 0.2.0.1.

      For users of existing certificates, not much will change, but it's good to make sure existing certificates still renew properly, and that new certificates on the v1 servers work as expected.

      You cannot create a trusted wildcard certificate yet because Let's Encrypt does not have production ACME v2 servers online until later this month. The staging server is up, and you can use those to ensure that your validation is working properly for when the production servers go live.

      Updates include

      • acme.sh updated to support ACME v2
      • Wildcard domain support
          * EXPERIMENTAL!! This requires ACME v2 and ONLY the staging server is online right now. Use for testing only.
      • ACME v2 server URLs added to Account Key options
          * EXPERIMENTAL!! ONLY the staging server is online right now. Use for testing only. Let's Encrypt is launching this service for production use later this month.
      • E-Mail Address support added to Account Key options (Let's Encrypt – NOT this package -- will send you an e-mail if your certificate is expiring and hasn't been renewed)
      • Misc bug fixes

      New Providers:

      • AutoDNS (InternetX)
      • Azure (Microsoft)
      • Namesilo
      • Selectel

      Providers with updates/bug fixes:

      • AWS
      • Cloudflare
      • INWX
      • ISPConfig
      • OVH
      • Yandex

      Creating a Wildcard certificate

      Wildcard certificates require ACME v2 and a DNS-based validation method. They cannot be used with other modes (e.g. standalone, webroot, webroot ftp, haproxy integration, etc).

      To make a wildcard certificate, you must validate for the base domain of the wildcard. For example: To make a wildcard certificate for "*.example.com", you must be able to update the TXT record for _acme-challenge.example.com. A common practice is to setup a certificate that contains example.com and *.example.com domains and use the same update method for both.

      Special note for nsupdate/RFC2136: Set the Key Name to example.com in this case

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy