You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The ACME Renewal Information (ARI) spec might be starting to stabilize, and Let's Encrypt just announced that renewals complying with ARI will not be rate limited. That was my primary concern, was intentionally refusing service to clients especially during times of infrastructure strain when reliability is already questionable and the renewal window is narrowing.
This sets a good precedent going forward and hopefully other CAs who implement ARI will follow their example.
I still have multiplereservations regarding the philosophy behind ARI, but I think it's probably worth implementing, at least with some configuration, since the policies behind ARI can still vary between CAs. For example, a CA might offer ARI, but in a way that does not actually help you ensure reliability when you comply with it. CertMagic's implementation will balance site uptime with optional protocols.
The ACME Renewal Information (ARI) spec might be starting to stabilize, and Let's Encrypt just announced that renewals complying with ARI will not be rate limited. That was my primary concern, was intentionally refusing service to clients especially during times of infrastructure strain when reliability is already questionable and the renewal window is narrowing.
This sets a good precedent going forward and hopefully other CAs who implement ARI will follow their example.
I still have multiple reservations regarding the philosophy behind ARI, but I think it's probably worth implementing, at least with some configuration, since the policies behind ARI can still vary between CAs. For example, a CA might offer ARI, but in a way that does not actually help you ensure reliability when you comply with it. CertMagic's implementation will balance site uptime with optional protocols.
Let's Encrypt has an article to guide the implementation of ARI. ACMEz, CertMagic's underlying ACME library, already supports the latest ARI draft, but CertMagic will need to keep track of state and do some polling and scheduling to make ARI happen for the user.
The text was updated successfully, but these errors were encountered: