acme2certifier 0.41.3

ACMEv2 server

acme2certifier

acme2certifier is a development project aimed at creating an ACME protocol proxy. Its primary goal is to enable ACME services for CA servers that do not natively support this protocol.

The project consists of two main libraries:

• acme_srv/*.py – Implements ACME server functionality based on RFC 8555.
• ca_handler.py – Provides an interface to CA servers, designed to be modular for easy adaptation to various CA systems. The currently available handlers are listed below:

Supported CA Handlers

Feature Support	Enrollment (E)	Revocation (R)	EAB Profiling (P)
DigiCert® CertCentral	✅	✅	✅
Entrust ECS Enterprise	✅	✅	✅
EJBCA	✅	✅	✅
Generic ACME Handler (LetsEncrypt, BuyPass.com, ZeroSSL)	❌	❌	✅
Generic CMPv2 Handler	✅	❌	❌
Generic EST Handler	✅	❌	❌
Hashicorp Vault	✅	✅	✅
Insta ActiveCMS	✅	✅	✅
Microsoft Certificate Enrollment Web Services	✅	❌	✅
Microsoft Windows Client Certificate Enrollment Protocol (MS-WCCE)	✅	❌	✅
NetGuard Certificate Lifecycle Manager	✅	✅	✅
NetGuard Certificate Manager/Insta Certifier	✅	✅	✅
OpenSSL	✅	✅	❌
OpenXPKI	✅	✅	✅
XCA	✅	✅	✅

For the latest updates and additional documentation, visit the project's homepage: acme2certifier on GitHub

---

📌 ChangeLog

Release notes and changelogs are available at: GitHub Releases

---

🛠 ACME Client Compatibility

The following ACME clients are regularly tested for compatibility:

• acme.sh
• acmeshell
• Caddy
• Certbot
• cert-manager
• dehydrated
• lego
• traefik
• Posh-ACME
• win-acme

Other clients are on the list for future testing. If you test additional ACME clients, feel free to raise an issue if something does not work as expected.

List of command-line parameters used for testing

---

🚀 Features

• ACME v2 RFC 8555 compliant server implementation, including:
  • RFC 8737 – TLS ALPN-01 Challenge
  • RFC 8738 – IP Address Certificates
  • RFC 8823 - Automatic Certificate Management Environment for End-User S/MIME Certificates
  • RFC 9773 - ACME Renewal Information (ARI) Extension
  • ACME Profiles Extension
  • TNAuthList identifiers (TNAuthList Profile)
  • RFC 9447 - Automated Certificate Management Environment (ACME) Challenges Using an Authority Token
  • Certificate Polling and Callbacks for CA servers.

Supported challenge types:

• http-01
• dns-01
• email-reply-00
• tls-alpn-01
• tkauth-01

---

📦 Installation

acme2certifier can be installed as:

• WSGI application (Apache2/Nginx)
• Django project (allows using alternative databases)

The fastest and most convenient way to install acme2certifier is to use docker containers. There are ready made images available at dockerhub and ghcr.io as well as instructions to build your own container. In addition rpm packages for AlmaLinux/CentOS Stream/Redhat EL 9 and deb packages for Ubuntu 22.04 will be provided with every release.

Installation guides:

• RPM Installation (AlmaLinux 9)
• DEB Installation (Ubuntu 22.04)
• Docker Build Instructions
• Apache2 WSGI Setup (Ubuntu 22.04)
• Nginx WSGI Setup (Ubuntu 22.04)

Software Bill Of Material

SBOMs for all containers will be automatically created during build process and stored in my SBOM repository

Contributing

Please read CONTRIBUTING.md for details on my code of conduct, and the process for submitting pull requests. Please note that I have a life besides programming. Thus, expect a delay in answering.

Versioning

I use SemVer for versioning. For the versions available, see the tags on this repository.

License

This project is licensed under the GPLv3 - see the LICENSE file for details