About
ACME 1) is a protocol that a certification authority (CA) and an applicant use to automate the verification and issuance of domain-validated certificates.
ACME is simple (it has been implemented in almost pure Bourne shell).
Challenge
ACME challenges 2) are intended to verify your control of a domain.
There are three main challenge types (excluding preauthorization), each of which requires you to publish a token.
| Challenge | Description | Secure |
|---|---|---|
| http-01 3) | Publish the token under /.well-known/acme-challenge/ and serve it over HTTP on 80/tcp | |
| dns-01 4) | Put the token in a TXT record in the DNS zone | |
| tls-sni-01 | Embed the token in the SAN of a certificate served to TLS clients that request it via TLS SNI | No, due to shared hosting 5) |
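The "token" a client publishes for http-01 and dns-01 is not the bare token but a key authorization derived from it and the ACME account key, which is what ties the challenge response to the account that requested the certificate. The following is an added example (not code from this page or from any ACME client); it builds the key authorization as RFC 8555 defines it (token, a dot, and the RFC 7638 thumbprint of the account JWK), derives the http-01 resource and the dns-01 TXT value from it, and shows the check a CA performs. The account JWK and token below are constructed placeholders, not a real key.

```python
import base64
import hashlib
import json
import re

# ACME tokens consist only of base64url characters (RFC 8555 section 8.3).
# A web server that maps the token to a file under /.well-known/acme-challenge/
# should enforce this so a token never becomes a path component like "../".
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")

# Constructed account key for illustration only; the modulus is not a real key.
ACCOUNT_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc",
    "alg": "RS256",   # optional member: must not influence the thumbprint
}
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"   # constructed sample token


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only,
    keys sorted lexicographically, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = required[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: keyAuthorization = token '.' thumbprint(accountKey)."""
    if not TOKEN_RE.match(token):
        raise ValueError("token is not base64url: %r" % token)
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_resource(token: str, account_jwk: dict):
    """Path and body the web server must answer with on 80/tcp for http-01."""
    body = key_authorization(token, account_jwk)
    return f"/.well-known/acme-challenge/{token}", body


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """TXT value for the _acme-challenge record: base64url(SHA-256(keyAuthorization))."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return b64url(digest)


def validate_http01(served_body: str, token: str, account_jwk: dict) -> bool:
    """The CA-side check: the fetched body must equal the key authorization
    (trailing whitespace is tolerated, as RFC 8555 allows)."""
    return served_body.rstrip() == key_authorization(token, account_jwk)


if __name__ == "__main__":
    path, body = http01_resource(TOKEN, ACCOUNT_JWK)
    print("http-01:", path, "->", body)
    print("dns-01 TXT:", dns01_txt_value(TOKEN, ACCOUNT_JWK))
    print("CA check passes:", validate_http01(body + "\n", TOKEN, ACCOUNT_JWK))
```

Because the key authorization includes the account key thumbprint, an attacker who merely observes a token on port 80 cannot reuse it with a different ACME account; and because only base64url characters are accepted, the token-to-file mapping on the web server cannot be steered outside the challenge directory.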
Client
ACME / Let's Encrypt clients:
- acme-tiny - A tiny script to issue and renew TLS certs from Let's Encrypt