# Automatic Certificate Management Environment (ACME)

## Certificate Management

- [ ] Registration
- [ ] Account Recovery
- [ ] Identifier Authorization
- [ ] Certificate Issuance
- [ ] Certificate Revocation

## Identifier Validation Challenges

- [ ] HTTP
- [ ] TLS with Server Name Indication (TLS SNI)
- [ ] Proof of Possession of a Prior Key
- [ ] DNS

## File structure

```
/var/lib/acme
  accounts/
    @mail/                (account ID)
      privkey
      provider
  certs/
    example.com/          (cert ID)
      cert
      chain
      fullchain -> /etc/ssl/certs/example_com.pem
      privkey -> /etc/ssl/private/example_com.key
  desired/
    example.com: www.example.com example.com   (text file)
```

## API

```
Register(email string) -> Registration(Account, PrivKey, Noncer)
LoadAccount(email string) -> Registration(Account, PrivKey, Noncer)

Registration.Recover(?)
Registration.Authorize(domain []string) -> ([]Challenge, []Combination)
Registration.Renew(domain []string) -> ([]Challenge, []Combination)
```