Implement ARI #284
Assignees
Labels
feature request
Request for new feature or functionality
Comments
|
Tailscale Takeaways could be interesting to look at (BSD-3 license). |
|
This is being staged at #286 |
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The ACME Renewal Information (ARI) spec might be starting to stabilize, and Let's Encrypt just announced that renewals complying with ARI will not be rate limited. That was my primary concern, was intentionally refusing service to clients especially during times of infrastructure strain when reliability is already questionable and the renewal window is narrowing.
This sets a good precedent going forward and hopefully other CAs who implement ARI will follow their example.
I still have multiple reservations regarding the philosophy behind ARI, but I think it's probably worth implementing, at least with some configuration, since the policies behind ARI can still vary between CAs. For example, a CA might offer ARI, but in a way that does not actually help you ensure reliability when you comply with it. CertMagic's implementation will balance site uptime with optional protocols.
Let's Encrypt has an article to guide the implementation of ARI. ACMEz, CertMagic's underlying ACME library, already supports the latest ARI draft, but CertMagic will need to keep track of state and do some polling and scheduling to make ARI happen for the user.
The text was updated successfully, but these errors were encountered: