I work for a company called Pexip that produces an enterprise distributed videoconferencing system. Whilst the OS is Linux in nature, it is highly customised and only uses libraries that are relevant to the core application. The OS development team have been unwilling to support an ACME client directly within the OS, as this would require additional dependencies that may increase the surface area for potential attacks. However, the RESTful APIs are very complete, and it is possible to manage the system certificates completely through these APIs.
Any given system could contain hundreds of nodes, which may share or use specific certificates. DNS FQDN entries in the SAN are important here, as RFC 5922 (Domain Certificates in the Session Initiation Protocol (SIP), section 7.2) states that wildcard certificates cannot be used. The intention of the script would be to upload and replace certificates in order to fully automate the management of these tasks, which is something that administrators seemingly always fall over themselves when attempting.
I have run Certify the Web for a number of years (registered) for various internal tasks, and currently upload new certificates to some of our demo systems, but I stopped short of fully automating the task, as I needed to iterate through the currently applied certificates in order to determine what could be updated and what shouldn't (which was more work, and I am lazy), but now seems like the right time.
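The "work out which nodes actually need a new certificate" step described above, as an added example that is not part of the original post and not Pexip's or Certify The Web's own code. It assumes the caller has already pulled each node's FQDN, the identifier of the certificate currently applied to it, and that certificate's SAN DNS names and expiry from the management API; the node and certificate data below are constructed for illustration. The one security-relevant rule it encodes is RFC 5922 section 7.2: a wildcard SAN entry is never treated as covering a SIP node, so a node sitting behind a wildcard-only certificate is flagged for replacement rather than left alone.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory (assumed shape, not the Pexip API's response format):
# node FQDN -> identifier of the certificate currently applied to that node.
NODES = {
    "conf1.example.com": "shared-conf",
    "conf2.example.com": "shared-conf",      # two nodes sharing one certificate
    "edge1.example.com": "edge-wildcard",    # wildcard-only SAN: not acceptable for SIP
    "mgmt.example.com": "mgmt",              # exact SAN but close to expiry
}

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# certificate identifier -> SAN dNSName entries and notAfter (constructed).
CERTS = {
    "shared-conf": {"san_dns": ["conf1.example.com", "conf2.example.com"],
                    "not_after": NOW + timedelta(days=90)},
    "edge-wildcard": {"san_dns": ["*.example.com"],
                      "not_after": NOW + timedelta(days=200)},
    "mgmt": {"san_dns": ["mgmt.example.com"],
             "not_after": NOW + timedelta(days=10)},
}


def san_covers(node_fqdn, san_dns_names):
    """True only if a SAN dNSName matches the node FQDN exactly.

    RFC 5922 section 7.2 forbids wildcard matching for SIP domain certificates,
    so '*.example.com' is deliberately skipped rather than expanded.
    Comparison is case-insensitive and ignores a trailing root dot.
    """
    fqdn = node_fqdn.rstrip(".").lower()
    for name in san_dns_names:
        candidate = name.rstrip(".").lower()
        if candidate.startswith("*."):
            continue  # wildcard: never counts as covering a SIP node
        if candidate == fqdn:
            return True
    return False


def plan_certificate_updates(nodes, certs, now, renew_within=timedelta(days=30)):
    """Decide per node whether to keep, renew, or replace its certificate.

    Returns node FQDN -> (action, reason) where action is one of
    'keep', 'renew' (valid but expiring inside the window) or
    'replace' (the applied certificate does not name this node exactly).
    """
    plan = {}
    for node, cert_id in nodes.items():
        cert = certs[cert_id]
        if not san_covers(node, cert["san_dns"]):
            plan[node] = ("replace", "no exact SAN match (wildcards ignored per RFC 5922)")
        elif cert["not_after"] - now <= renew_within:
            plan[node] = ("renew", "expires within %d days" % renew_within.days)
        else:
            plan[node] = ("keep", "exact SAN match and not near expiry")
    return plan


def required_sans(nodes):
    """For each shared certificate, the full sorted set of FQDNs it must name
    when reissued, so that no node sharing it is left uncovered."""
    needed = {}
    for node, cert_id in nodes.items():
        needed.setdefault(cert_id, set()).add(node.rstrip(".").lower())
    return {cert_id: sorted(fqdns) for cert_id, fqdns in needed.items()}


if __name__ == "__main__":
    for node, (action, reason) in plan_certificate_updates(NODES, CERTS, NOW).items():
        print("%-20s %-8s %s" % (node, action, reason))
    for cert_id, fqdns in required_sans(NODES).items():
        print("%-14s must name: %s" % (cert_id, ", ".join(fqdns)))
```

With the constructed data, the two conference nodes are kept, `edge1.example.com` is flagged for replacement because its only SAN entry is a wildcard, and `mgmt.example.com` is flagged for renewal because it expires inside the 30-day window; `required_sans` shows that any reissue of `shared-conf` must carry both conference FQDNs.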