Using other server than LE


#1

Hello,

Would it be possible to support servers other than Let’s Encrypt, while still using the ACME protocol?
It would be interesting either for supporting other free CAs such as (Censored by forum members), or to support private instances of Boulder.

From what I understand, it should be fairly easy by modifying:


and adding an optional possibility to retrieve it, e.g. from the Windows registry.

Thanks for considering this!


#2

Hi, absolutely! I’d love to support more CAs. The request process changed in a few key ways between ACME v1 and v2, and we could probably only support v2, but yes, it would be great if we had more CA options.

It’s probably not quite as simple as just changing the API endpoint, as each provider doubtless has variation regarding payment/account registration etc., but if they are a big enough CA (and likely to stick around) then we’d just build UI to handle that.

It would also be great if renewal errors against LE could automatically fall back to another provider.


#3

Actually, it is almost as simple as changing the API endpoint, at least for the examples I’ve given:

  • (Censored by forum members) ACME connector behaves completely like LE, at least when seen from Certbot. Rate limits are different, but that will only trigger errors on rare occasions, and I don’t think it’s CertifyTheWeb’s responsibility to handle them: CTW should only display them, and let the user decide what to do.
  • private instances of Boulder will also behave like LE

The only caveat is that Certes embeds LE certificates; you need to call .AddIssuers before retrieving the certificate. See the issuer option there: https://github.com/fszlin/certes/blob/master/src/Certes.Cli/Commands/CertificatePfxCommand.cs


#4

I submitted a tentative patch for it, issue #339


#5

My posts were flagged as “SPAM”. I don’t understand why… Maybe someone could explain?


#6

Hi, the forum app is Discourse and new users apparently get their posts flagged as spam if they link to the same site a few times (GitHub). Unflagged those now.