NGINX, the asynchronous server software and reverse proxy, has recently announced a preview release of ACME support. Its new ACME module lets users request, install, and renew digital certificates directly from the NGINX configuration through built-in directives.
The ACME (Automated Certificate Management Environment) protocol is primarily designed to automate the issuance, validation, renewal, and revocation of digital certificates. It allows clients to interact with Certificate Authorities (CAs) without manual intervention, greatly simplifying the deployment of HTTPS certificates for websites and other secure services.
In the industry, there is a growing push to significantly shorten the validity period of digital certificates. For example, Apple’s proposal to limit certificate lifespans to a maximum of 47 days has already been accepted. Without automation, the frequent request and renewal process would be burdensome and impractical.
However, not all environments can leverage third-party tools like CertBot to automate certificate management, leaving IT administrators to perform the process manually. With ACME integration, NGINX aims to reduce the need for such manual intervention.
The NGINX ACME process consists of four steps—configuring the ACME server, allocating shared memory, setting up the challenge, and finalizing configuration. Once completed, NGINX can automatically request, install, and renew its own certificates.
Currently, only the HTTP-01 challenge is supported. The ACME integration is implemented via the new ngx_http_acme_module, which must be compiled into NGINX at installation. NGINX has not yet clarified whether the module will be included by default or will require manual selection in future builds.
During the preview stage, the module supports only the HTTP-01 challenge; upcoming versions will add TLS-ALPN and DNS-01 challenges. DNS-01 support would allow wildcard or multi-domain certificates that can be reused across several hostnames.
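The four steps described above, laid out as one configuration. This is an added example, not taken from the NGINX announcement. The hostname `www.example.test`, the resolver address, the module path and the state directory are assumptions, and the issuer points at the Let's Encrypt staging directory so that a misconfiguration does not consume production rate limits.

```nginx
# Assumed path: the module built or installed as a dynamic module.
load_module modules/ngx_http_acme_module.so;

events {}

http {
    # Needed so NGINX can resolve the ACME server's hostname (assumed local resolver).
    resolver 127.0.0.1:53;

    # Step 1: configure the ACME server (issuer). Staging endpoint for testing.
    acme_issuer letsencrypt_staging {
        uri         https://acme-staging-v02.api.letsencrypt.org/directory;
        # Persistent module state (account key, issued certificates).
        # Keep this directory readable only by the nginx user.
        state_path  /var/cache/nginx/acme-letsencrypt-staging;
        accept_terms_of_service;
    }

    # Step 2: allocate shared memory for certificates and challenge data.
    acme_shared_zone zone=acme_shared:1M;

    # Step 3: set up the challenge. HTTP-01 requires a listener on port 80
    # reachable by the CA; the module answers challenge requests itself.
    server {
        listen 80;
        server_name www.example.test;

        location / {
            return 404;   # nothing else is served over plain HTTP
        }
    }

    # Step 4: finalize. Request a certificate from the issuer and wire the
    # module's variables into the TLS configuration.
    server {
        listen 443 ssl;
        server_name www.example.test;   # explicit name; no wildcard under HTTP-01

        acme_certificate letsencrypt_staging;

        ssl_certificate       $acme_certificate;
        ssl_certificate_key   $acme_certificate_key;
        ssl_certificate_cache max=2;    # avoid re-parsing the certificate per request
    }
}
```

Validate with `nginx -t` before reloading, and switch the `uri` to the CA's production directory only after a staging certificate has been issued successfully.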
NGINX emphasizes that the rapid global adoption of HTTPS has been largely driven by ACME, which modernizes TLS/SSL certificate issuance, renewal, and management by removing manual steps and reducing lifecycle costs. Native ACME support underlines its importance for the future of web security, automation, and scalability, and it is expected to remain a cornerstone of certificate automation in the foreseeable future.
Pre-built packages are available for open-source NGINX users, while NGINX Plus enterprise customers can acquire the module in the form of an F5-supported dynamic module.