unixcharles / acme-client

A Ruby client for letsencrypt's ACME protocol.

ACME v2

bdewater opened this issue · comments

https://letsencrypt.org/2017/06/14/acme-v2-api.html coming in January 2018 with no plans for now to sunset v1.

From HN: https://github.com/letsencrypt/pebble should aid in development and testing

I would also like to know what the plans of @unixcharles are for supporting acme-v2.

The latest draft is published at https://tools.ietf.org/html/draft-ietf-acme-acme, while its development happens at https://github.com/ietf-wg-acme/acme .

IMO, it would be nice to start a preliminary implementation based on the latest draft. Also the Boulder project, which is Let's Encrypt's reference server, has already started to implement the V2 API.

I would also like to know what the plans of @unixcharles are for supporting acme-v2.

Sorry if it seems like I just ignored the issue. @bdewater and I work together, so we had an IRL conversation about it. This is not very transparent, I'll try to avoid doing that in the future.

I'm aware of the development in the spec/boulder.

The tl;dr is yes, I intend to have the client implement the spec v2.

It's a bit of a time-consuming effort but I'll try to have it ready for the launch in January. Last time I looked into the new spec there was no server implementation, and that makes it difficult to develop / test, so this is the reason why v2 was on hold.

You're probably already aware, but I just wanted to leave you a note about the new public staging V2 endpoint:

https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605

I'm cheering for you. Patiently waiting for the new acme gem to get started with the migration of my tools :)

@unixcharles and @bdewater do you still have time to build ACME v2 support before the production endpoint goes live by the end of February? If so I would love to sponsor the development as you guys made my life a lot easier the past year since I've started using the library.

Hey @maran, I just didn't have time to give it a shot yet but I will put some time into it to be ready for the launch.

From my understanding there should be minimal changes compared to acme draft 07. Pretty hype about getting those sweet wildcard certificates.

hey there,
I really don't wanna annoy you but could you tell us if you still plan to be ready this month?

thanks!

Hey @elcool0r,

There are a lot more changes to the API than originally expected. All the endpoints have changed and the communication layer changed too, so this is basically a re-write at this point, but I'm making some progress. I'm still hoping to be ready for launch.

I have managed to upgrade the faraday middleware that handles basic communication (jws/nonce/etc).

I've already implemented endpoints for account management (create/TOS/update/deactivate) and basic order creation.

I still need to implement authorization / challenge completion, certificate ordering and re-key.

You can check out the acme-v2 branch to get an idea of where I'm at.

Thanks for the update!

Just a quick update. https://github.com/unixcharles/acme-client/compare/acme-v2 is progressing. I have most of the spec implemented. I have a few more calls to implement, downloading certificate and revocation, and I also need to write some more tests. It should be up for review soon and expect a release soon after.

I have a PR up for review #134

v2 is out.

Bumped the version to v2 to match the spec.

Also released a v1 for the legacy acme v1 protocol and moved its development into the acme-v1 branch.