As part of a new development, Certify The Web is expanding to implement a certificate server API (naming as yet undecided). This will allow client apps, services and scripts (with an API token) to fetch the latest cert from the certificate server (which in turn does the whole ACME process and stores/accesses secrets like DNS credentials, etc.).
This enables:
- Scripted fetch of the latest cert by a system that is otherwise not involved in ACME/Let’s Encrypt communication, e.g. cloud apps, load-balanced web servers, appliances
- Multi-node Certify installs can fetch the latest certs from a master server
- Middleware (such as ASP.NET Core Kestrel HTTPS config) can fetch the latest cert and also answer HTTP challenges (if required) by asking the server what the current challenge answer should be.
- The Certify server can be optionally hosted on Linux (docker)
- The server can perform some push deployment tasks (network, SSH, etc.) as well as providing an API to pull from.
- The server will be able to push/pull from some cloud or on-prem key vaults (Azure Key Vault, HashiCorp Vault)
The existing UI will be able to connect to (and manage) different servers from your desktop, in the same manner as it does now (when on your server desktop).
So, if you think you have a need for such a thing, what features do you need, why and how do you imagine using it?
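As an added illustration of the Kestrel use case above (this is example code written for this discussion, not Certify The Web code, and the API does not exist yet), here is how a minimal ASP.NET Core app could pull its certificate from such a server with an API token and proxy HTTP-01 challenge answers to it. The endpoint paths `api/v1/certificates/{name}/pfx` and `api/v1/challenges/http-01/{token}`, the `CERT_SERVER_TOKEN` variable, the server URL and an unprotected PFX body are all assumptions made for the example.

```csharp
// Added example, not code from Certify The Web: a Kestrel app that pulls its certificate
// from the proposed certificate server and proxies HTTP-01 challenge answers to it.
// ASSUMED (API not yet designed): the endpoints "api/v1/certificates/{name}/pfx" and
// "api/v1/challenges/http-01/{token}", bearer-token auth, and an unprotected PFX body.
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;

var token = Environment.GetEnvironmentVariable("CERT_SERVER_TOKEN")
            ?? throw new InvalidOperationException("CERT_SERVER_TOKEN not set");
// Placeholder server URL; it must be https so the token and the PFX never travel in clear.
var certClient = new CertServerClient(new Uri("https://certserver.example.internal/"), token, "www.example.com");
await certClient.RefreshAsync();          // fail fast at startup if no certificate is obtainable

var builder = WebApplication.CreateBuilder(args);
builder.WebHost.ConfigureKestrel(k =>
{
    k.ListenAnyIP(80);                    // plain HTTP only needed for /.well-known/acme-challenge/
    k.ListenAnyIP(443, l => l.UseHttps(h =>
        // Kestrel calls the selector per handshake, so a renewed cert is picked up without a restart.
        h.ServerCertificateSelector = (_, _) => certClient.Current));
});
var app = builder.Build();

// HTTP-01 responder: the cert server (which runs the ACME order) knows the key authorization.
app.MapGet("/.well-known/acme-challenge/{token}", async (string token) =>
{
    var answer = await certClient.GetHttpChallengeAnswerAsync(token);
    return answer is null ? Results.NotFound() : Results.Text(answer, "text/plain");
});

_ = certClient.RunRefreshLoopAsync(TimeSpan.FromMinutes(15), app.Lifetime.ApplicationStopping);
app.Run();

sealed class CertServerClient
{
    private readonly HttpClient _http;
    private readonly string _certName;
    public X509Certificate2? Current { get; private set; }   // last good certificate

    public CertServerClient(Uri server, string apiToken, string certName)
    {
        if (server.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("cert server must be reached over https", nameof(server));
        _http = new HttpClient { BaseAddress = server, Timeout = TimeSpan.FromSeconds(10) };
        _http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", apiToken);
        _certName = certName;
    }

    // Fetches the PFX and swaps it in only if it carries a private key and is not expired;
    // on any failure the previous certificate keeps serving.
    public async Task RefreshAsync()
    {
        var pfx = await _http.GetByteArrayAsync($"api/v1/certificates/{Uri.EscapeDataString(_certName)}/pfx");
        var cert = new X509Certificate2(pfx);   // ASSUMED: PFX without a password
        if (!cert.HasPrivateKey || cert.NotAfter <= DateTime.Now)
            throw new InvalidOperationException("server returned a certificate without a private key or already expired");
        Current = cert;
    }

    // Periodic refresh; a failed refresh is logged and the current certificate is kept.
    public async Task RunRefreshLoopAsync(TimeSpan interval, CancellationToken stop)
    {
        using var timer = new PeriodicTimer(interval);
        try
        {
            while (await timer.WaitForNextTickAsync(stop))
            {
                try { await RefreshAsync(); }
                catch (Exception ex) { Console.Error.WriteLine($"cert refresh failed, keeping current cert: {ex.Message}"); }
            }
        }
        catch (OperationCanceledException) { /* application shutting down */ }
    }

    // Asks the server for the key authorization of a challenge token; null if it issued no such challenge.
    public async Task<string?> GetHttpChallengeAnswerAsync(string token)
    {
        // ACME tokens are base64url; reject anything else before it is placed in a URL path.
        if (!Regex.IsMatch(token, "^[A-Za-z0-9_-]{1,128}$")) return null;
        using var resp = await _http.GetAsync($"api/v1/challenges/http-01/{token}");
        if (resp.StatusCode == HttpStatusCode.NotFound) return null;
        resp.EnsureSuccessStatusCode();
        return await resp.Content.ReadAsStringAsync();
    }
}
```

Two design points are worth noting for whoever ends up specifying the API: the client keeps the last good certificate when the server is unreachable, so an outage of the cert server does not take down TLS on the nodes, and the challenge path only forwards tokens that match the ACME token format and answers 404 for anything the server does not recognise, so a node never becomes a generic proxy to the cert server.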