Let’s Encrypt introduced ACME v2 protocol and wildcard support for testing

ACME v2 protocol

Let’s Encrypt, the free certificate authority, has released the ACME v2 protocol API endpoint and officially announced the start of testing of the ACME v2 API, which supports issuing wildcard certificates.

You can start testing your client for ACME v2 support using the following directory URL:

https://acme-staging-v02.api.letsencrypt.org/directory

Note that because the staging environment’s root certificate is not present in browser/client trust stores, the endpoint is not suitable for production use. The production-ready v2 API endpoints will be released on February 27.

ACME v2 is not backward compatible, so ACME v1 clients, which almost everyone uses today, will not work with ACME v2 endpoints. Existing clients need to change their code to support ACME v2.


ACME v2 vs ACME v1

There are a number of differences between the ACME v2 and v1 APIs. Notable changes:

  1. The authorization/issuance process has changed
  2. JWS request authorization has changed
  3. The “resource” field of the JWS request body is replaced by the new JWS request header “url”
  4. Directory endpoints/resources have been renamed
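
The move from a body “resource” field to a signed “url” header can be checked mechanically when testing a client. The Python below is an added example, not code from Let’s Encrypt or from this article: the host `acme.example`, the function names and both sample requests are constructed, and the jwk/kid rule is taken from the ACME specification (RFC 8555) rather than from this page.

```python
import base64
import json

def b64url(obj):
    """Encode a JSON value as unpadded base64url, the way JWS does."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def b64url_json(segment):
    """Decode an unpadded base64url JWS segment back into JSON."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def check_v2_framing(request_url, jws):
    """List what makes `jws` unacceptable as an ACME v2 request (signature not checked)."""
    problems = []
    protected = b64url_json(jws["protected"])
    payload = b64url_json(jws["payload"]) if jws["payload"] else {}

    # v2: the signed "url" header binds the request to the URL it was sent to.
    if "url" not in protected:
        problems.append("protected header has no 'url'")
    elif protected["url"] != request_url:
        problems.append("protected 'url' does not match the request URL")

    # v1 named the target in the body instead; v2 drops that field.
    if isinstance(payload, dict) and "resource" in payload:
        problems.append("payload still carries the v1 'resource' field")

    # ACME spec (RFC 8555), not this page: exactly one of "jwk" or "kid" names the key.
    if ("jwk" in protected) == ("kid" in protected):
        problems.append("need exactly one of 'jwk' or 'kid'")
    return problems

# Constructed sample requests: placeholder host, empty signatures.
URL = "https://acme.example/acme/new-order"
V1_STYLE = {
    "protected": b64url({"alg": "RS256", "nonce": "n-1", "jwk": {"kty": "RSA"}}),
    "payload": b64url({"resource": "new-cert"}),
    "signature": "",
}
V2_STYLE = {
    "protected": b64url({"alg": "RS256", "nonce": "n-2", "url": URL,
                         "kid": "https://acme.example/acme/acct/1"}),
    "payload": b64url({"identifiers": [{"type": "dns", "value": "*.example.com"}]}),
    "signature": "",
}

if __name__ == "__main__":
    for name, req in (("v1-style", V1_STYLE), ("v2-style", V2_STYLE)):
        print(name, check_v2_framing(URL, req) or "ok")
```

Because “url” sits inside the signed header, a v2 request captured for one endpoint fails this check when presented to another.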

The new version begins to offer wildcard certificate issuance:

In July 2017, Let’s Encrypt announced that it would provide wildcard certificates by the beginning of 2018, and it is now testing wildcard certificates in the first week of 2018.

At present, the v2 API is under test. Developers can apply for a wildcard certificate through the API. However, the API is still in the testing phase, so there may be some problems.

Ordinary users can wait until the formal launch. Interested developers may want to download and test the new API now to try it out.

For the new version of the API, see: https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605

Wildcard certificate explanation:

Similar to the concept of pan-domain (wildcard) DNS resolution, a wildcard certificate issued for a primary domain name can be used on all of its sub-domains.

Wildcard certificate advantages:

The biggest feature of a wildcard certificate is that it can be deployed on sub-domain names, so there is no need to apply for a new certificate for each sub-domain. As for price, a wildcard certificate is usually several times more expensive than a single-domain certificate, and the main reason for the higher price is this convenience.

Reference: letsencrypt