Could you unlock CORS policy for acme API so it can be used in web-based clients?
When I asked include for useing buypass CA in Zerossl.com, he said he can't do that due to CORS policy of buypass API.
Looks like their API is restricted via CORS (in a way that you can’t pull their API endpoint in the browser from anything but their own site basically):
Access-Control-Allow-Origin’ does not match ‘https://www.buypass.no’
Unless they change that, it won’t be possible to add it to the online client.
But web based client is where longer lifetime of buypass offers shines most, because clients isn't likely to automate renewal. And this API is public one, so I don't think there is reason for block web based clients for it.