ZeroSSL: Alternative to Let's Encrypt ACME Provider

timka

I would like to be able to use a different ACME provider, such as zerossl.com or a self-hosted ACME variant such as smallstep. Do you think this is possible?

girish

Interesting... I found that there is a bunch of alternate providers out there - https://github.com/https-dev/docs/blob/master/list-of-acme-servers.md .

girish

On a side note, I learnt that zerossl acquired acme.sh and caddy.

https://community.letsencrypt.org/t/the-acme-sh-will-change-default-ca-to-zerossl-on-august-1st-2021/144052

robi

@girish can you use acme.sh and support multiple (selectable) providers?

girish

@robi we wrote our own acme client acme2.js . We already provide select-able providers. For example, LE (prod) , LE (staging) in the advanced section of Domain UI. There are actually separate providers. We can test and add more providers to the list.

girish

So, ZeroSSL requires our client to support EAB Credentials . It's easy to add. I will move this to feature request for now.

timka

@girish thank you very much! Looking forward to it!

timka

I do not know, if this may be also interesting, so I just add the link. I noted it because it talks about private pki which might be interesting in my job but I personally don't need it.
https://cert-manager.io