[LetsEncrypt](https://letsencrypt.org) supports issuing free certificates by communication via ACME - the Automatically Certificate Management Evaluation protocol. This tools is yet another ACME client ... but as a client/server model. Some aspects are special: * **ACME handling can be put into own VM / container ...**: The server can be placed into an own VM, container, network segment to limit the security risk on compromised systems. * **Only the server requires all the ACME dependencies**: The clients require only a SSL tool like OpenSSL and a HTTP client like wget or curl, no python, no build tools. Python with python-acme and its dependencies (PyOpenSSL, PyASN.1, ...) is only needed for the server. * **Supports distributed web servers**: All `.well-known/acme-challenges` requests for all domains can be served directly by the server. This makes it easy to validate domains when using multiple web server in distributed or fail-over fashion by forwarding all `.well-known/acme-challenges` requests. * **Only the server needs the ACME account information**: It is not that security relevant, but only the ACME Management Server needs access to the account information / key for the ACME server like LetsEncrypt.
2 years, 11 months ago passed
.. image:: https://readthedocs.org/projects/acme-mgmtserver/badge/?version=latest :target: https://acme-mgmtserver.readthedocs.io/en/latest/?badge=latest :alt: Documentation Status
<a href='https://acme-mgmtserver.readthedocs.io/en/latest/?badge=latest'> <img src='https://readthedocs.org/projects/acme-mgmtserver/badge/?version=latest' alt='Documentation Status' /> </a>