acme2certifier is a development project aimed at creating an ACME protocol proxy. Its primary goal is to enable ACME services for CA servers that do not natively support this protocol.
The project consists of two main libraries:
- acme_srv/*.py – Implements ACME server functionality based on RFC 8555.
- ca_handler.py – Provides an interface to CA servers, designed to be modular for easy adaptation to various CA systems.

The currently available handlers are listed below:
Feature Support | Enrollment (E) | Revocation (R) | EAB Profiling (P) |
---|---|---|---|
DigiCert® CertCentral | ✅ | ✅ | ✅ |
Entrust ECS Enterprise | ✅ | ✅ | ✅ |
EJBCA | ✅ | ✅ | ✅ |
Generic ACME Handler (LetsEncrypt, BuyPass.com, ZeroSSL) | ❌ | ❌ | ✅ |
Generic CMPv2 Handler | ✅ | ❌ | ❌ |
Generic EST Handler | ✅ | ❌ | ❌ |
Insta ActiveCMS | ✅ | ✅ | ✅ |
Microsoft Certificate Enrollment Web Services | ✅ | ❌ | ✅ |
Microsoft Windows Client Certificate Enrollment Protocol (MS-WCCE) | ✅ | ❌ | ✅ |
NetGuard Certificate Lifecycle Manager | ✅ | ✅ | ❌ |
NetGuard Certificate Manager/Insta Certifier | ✅ | ✅ | ✅ |
OpenSSL | ✅ | ✅ | ❌ |
OpenXPKI | ✅ | ✅ | ❌ |
XCA | ✅ | ✅ | ✅ |
acme2dfn (ACME proxy for German research network's PKI) | ✅ | ❌ | ❌ |
For the latest updates and additional documentation, visit the project's homepage: acme2certifier on GitHub
Release notes and changelogs are available at: GitHub Releases
The following ACME clients are regularly tested for compatibility:
Other clients are on the list for future testing. If you test additional ACME clients, feel free to raise an issue if something does not work as expected.
List of command-line parameters used for testing
- ACME v2 RFC 8555 compliant server implementation, including:
  - RFC 8737 – TLS ALPN-01 Challenge
  - RFC 8738 – IP Address Certificates
  - Renewal Information (ARI)
  - TNAuthList identifiers (TNAuthList Profile)
  - tkauth-01 Challenge (Authority Token)
- Certificate Polling and Callbacks for CA servers.
Supported challenge types:
acme2certifier can be installed as:
- WSGI application (Apache2/Nginx)
- Django project (allows using alternative databases)
The fastest and most convenient way to install acme2certifier is to use Docker containers. Ready-made images are available at Docker Hub and ghcr.io, along with instructions for building your own container. In addition, RPM packages for AlmaLinux/CentOS Stream/Red Hat EL 9 and DEB packages for Ubuntu 22.04 will be provided with every release.
Installation guides:
- RPM Installation (AlmaLinux 9)
- DEB Installation (Ubuntu 22.04)
- Docker Build Instructions
- Apache2 WSGI Setup (Ubuntu 22.04)
- Nginx WSGI Setup (Ubuntu 22.04)
SBOMs for all containers will be automatically created during the build process and stored in my SBOM repository.
Please read CONTRIBUTING.md for details on my code of conduct, and the process for submitting pull requests. Please note that I have a life besides programming. Thus, expect a delay in answering.
I use SemVer for versioning. For the versions available, see the tags on this repository.
This project is licensed under the GPLv3 - see the LICENSE file for details.