Let's Encrypt ACMEv1 end-of-life

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Let's Encrypt ACMEv1 end-of-life

Diogo Pinela
As I understand it, acme-client currently only supports
ACMEv1. Let's Encrypt recently announced they're going
to begin progressively deprecating that protocol starting
this November:

https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430

Given that, are there any plans to add ACMEv2 support to
acme-client before then?

Thanks,
Diogo Pinela

Reply | Threaded
Open this post in threaded view
|

Re: Let's Encrypt ACMEv1 end-of-life

Patrick Dohman-4

> On May 31, 2019, at 10:42 AM, Diogo Pinela <[hidden email]> wrote:
>
> As I understand it, acme-client currently only supports
> ACMEv1. Let's Encrypt recently announced they're going
> to begin progressively deprecating that protocol starting
> this November:

OCSP is an interesting subject.
In my opinion there is still a need for a certificate infrastructure inside private LAN's.
I’ve learned that in many situations a DNS authority can not be accommodated & certs are non-op.
In addition I find the reliance on public API via browser a potential privacy concern.
Regards
Patrick

Reply | Threaded
Open this post in threaded view
|

Re: Let's Encrypt ACMEv1 end-of-life

Diogo Pinela
In reply to this post by Diogo Pinela
On sáb, jun 1, 2019 at 3:42 PM, Patrick Dohman
<[hidden email]> wrote:

>
>>  On May 31, 2019, at 10:42 AM, Diogo Pinela <[hidden email]>
>> wrote:
>>
>>  As I understand it, acme-client currently only supports
>>  ACMEv1. Let's Encrypt recently announced they're going
>>  to begin progressively deprecating that protocol starting
>>  this November:
>
> OCSP is an interesting subject.
> In my opinion there is still a need for a certificate infrastructure
> inside private LAN's.
> I’ve learned that in many situations a DNS authority can not be
> accommodated & certs are non-op.
> In addition I find the reliance on public API via browser a potential
> privacy concern.
> Regards
> Patrick

That's interesting, but it doesn't answer my question at all.

Reply | Threaded
Open this post in threaded view
|

Re: Let's Encrypt ACMEv1 end-of-life

Chris Cappuccio
Diogo Pinela [[hidden email]] wrote:
>
> That's interesting, but it doesn't answer my question at all.

I don't know if Kristaps is planning on updating it. Nobody else has
mentioned it. Maybe it's a prime job for you to investigate?
The final RFC version, ACMEv2, is documented in RFC 8555:

https://www.rfc-editor.org/rfc/rfc8555.txt

Chris