1 comment

[ 2.9 ms ] story [ 15.9 ms ] thread
We just added ACME support to `step-ca`, an open source private certificate authority that I work on. ACME is the protocol that Let's Encrypt uses to automate certificate management for websites.

ACME support in `step-ca` means you can leverage existing ACME clients and libraries to get certificates from your own private certificate authority (CA). This is particularly useful for:

* Using ACME in production to issue certificates to workloads, proxies, queues, databases, etc. so you can use mutual TLS for authentication & encryption.

* Simulating Let’s Encrypt’s CA in dev & pre-production in scenarios where connecting to Let’s Encrypt’s staging server is problematic.

We're supporting the `http-01` and `dns-01` challenge types, so you should be able to get certs using any ACMEv2 client that supports one of these (most do).

* More info and examples on our blog: https://smallstep.com/blog/private-acme-server/

* step-ca is on GitHub: https://github.com/smallstep/certificates

We've been working on this for a while so we're psyched to release it and see how people use it! Let us know what you think!