Future features

Use this topic for suggesting new features or ideas for future development / use of ACME.

11replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
    • chin
    • chin
    • 4 yrs ago
    • Reported - view

    Magnus Andriy Mahats Is it possible to implement HTTP-01 challenge of Buypass to follow HTTP to HTTPS redirect to validate at least on the same domain (e.g. Redirect http://example.com to https://example.com to complete validation should be valid) ?

    Today most SLL enable website HTTPS redirection on their own domain.

    RFC8555 also permit to follow redirect: https://tools.ietf.org/html/rfc8555#section-8.3

    Let's Encrypt implements this follow redirect mechanism since 2018 or before: https://community.letsencrypt.org/t/i-must-turn-off-https-redirect-to-renew/70415/4

    • Hi chin 


      We plan to implement following of redirects.

      However, the ETA of it is unknown.




      Like 1
    • Hi chin


      We added support for following of redirects during the http challenge validation.

      It is now available in production and test environments.




      Like 1
    • fomm
    • fomm
    • 3 yrs ago
    • Reported - view

    Hi Buypass,


    Thanks for the new release to support 5 FQDNs now.

    I do notice that domains in puny code is not supported.

    I was getting below response when I was trying to get a certificate in puny code.


     Array (

        [type] => urn:ietf:params:acme:error:rejectedIdentifier

        [detail] => Domain is rejected as high-risk [code] => 403

        [message] => REJECTED_IDENTIFIER

        [details] => HTTP 403 Forbidden


    May I ask if you have any plan to allow certificates in puny code? I know there aren't too many people using utf-8 domains, it will still be nice for you to support it.


    Thank you.

    • Hi fomm 


      While we recognize that international domain names serve an important purpose, we are more concerned about their possible utilization in phishing attacks.

      We do support punycode, but only for western European characters.




  • Please add support for issuing S/MIME certificates using the RFC 8823 extension for ACME and EMAIL-01 validation. 

    Like 1
  • Hi  Venu Kakarla

    Thank you for your proposal.

    We do not currently issue S/MIME certificates, but if we should decide to do so, we will consider this.



  • I have a couple of requests:

    1) Respect the 'Must Staple' extensions for the certificate. I believe at the moment, the certificate is issued, but without stapling enabled - ie the option is silently ignored.

    2) Add support for secp384r1 keys

    • Steven Haigh Thank you for the request. We will consider adding support for the topics in your request and will come back with more information later.

    • mkon Thanks for the reply!

      I believe at the moment it is not possible to validate IPv6 only hosts. Is this on the roadmap at all?

    • Steven Haigh Yes, but i have no timeframe right now.

      Like 1
Like Follow
  • 6 mths agoLast active
  • 11Replies
  • 838Views
  • 10 Following

Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.

Sign-up using free email domains have been blocked due to increased spam. https://community.forumbee.com/t/63zsyt/blocked-email-domains