I was contacted by someone interested in supporting the renewal extension[1] in the Apache ACME implementation.
It seems that this could have helped in the recent certificate revocation by Let's Encrypt and I'd be interested to hear from parties if they agree.

Other servers, like Caddy, support renewal on OCSP revocation. While that is very commendable, it still does not allow for a smooth migration to a new certificate when this is a planned operation. Feedback from operators of large sites is that they like to restrict reconfigurations/reloads of servers to time windows where traffic is low and/or on-site support is ready. The proposed "renewalInfo" extension would allow that, it seems.

Are there any plans/interests to go forward with this? What is LE's view?

Kind Regards,
Stefan

[1] https://datatracker.ietf.org/doc/draft-aaron-acme-ari/01/
