Compatibility with ACME v2

[Rid]

Great work @zenhack, I was wondering if you have any plans to support the upcoming ACME v2 endpoint:

https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605

It was announced a few days ago and highlights among others include support for wildcard certs! The staging environment is already live with a full launch date scheduled for February 27th 2018.

[buchdag]

Support for acme v2 is planned, but (unfortunately) not wildcard certificates support:

Wildcard identifiers may only be authorized by DNS-01 challenge, so order authorizations corresponding to wildcard identifiers will only include a pending DNS-01 challenge.

as simp_le only supports HTTP-01 challenge, we won't be able to add this feature.

Adding DNS-01 would be a substantial amount of work and contradicts the project's manifesto. No to say that this manifesto is set in stone but we're trying to stick to it for now (@zenhack please correct me if I'm wrong).

[zenhack]

Yeah, DNS-01 is out of scope.

For v2 support, we'll end up waiting until python-acme implements it, and from there I expect plumbing that through to simp_le won't be a ton of work.

[kamikaze]

give us DNS-01, guys! stop being lazy... community and enterprise gave us a chance to have SSL certs for free and now you, guys, blocking it's usage for a full power!

[zenhack]

@kamikaze,

1. The developers of ${RANDOM_FOSS_PROJECT} don't owe you anything. I don't appreciate being called lazy by someone I've never spoken to before for not working on what they're interested in, in my spare time, for free.
2. simp_le is not the only ACME client out there; it is not and does not try to be the right tool for every ACME related job. Its purpose is to handle the simple case simply. If you need DNS-01, use a different client.

[almereyda]

ACME v2 has been released and simp_le is listed as a v2 compatible client.

@zenhack Please note certbot, which supposedly is what you called python-acme, has its ACME v2 issue closed within the last two weeks. certbot/certbot#5367 (comment)

[buchdag]

simp_le is not listed as an ACME v2 compatible client, only the clients listed directly under ACME v2 Compatible Clients are.

https://letsencrypt.org/docs/client-options/

[zenhack]

Yeah. We're unblocked on V2 support now that the library has implemented it, but it hasn't happened just yet.

[almereyda]

Yes, I misread the hierarchy of headlines.

…

On 13 March 2018 at 19:51, Ian Denhardt ***@***.***> wrote: Yeah. We're unblocked on V2 support now that the library has implemented it, but it hasn't happened just yet. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#101 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABka_BrQYQMSgL4xKMCPXW1WQrSgGiGHks5teBUfgaJpZM4RWq27> .

[buchdag]

@zenhack ACME v2 support has been added in #119, we can close this issue.

[zenhack]

Yep, good call -- closing.