1

Future features

Use this topic for suggesting new features or ideas for future development / use of ACME.

11replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
    • chin
    • chin
    • 4 yrs ago
    • Reported - view

    Magnus Andriy Mahats Is it possible to implement HTTP-01 challenge of Buypass to follow HTTP to HTTPS redirect to validate at least on the same domain (e.g. Redirect http://example.com to https://example.com to complete validation should be valid) ?

    Today most SLL enable website HTTPS redirection on their own domain.

    RFC8555 also permit to follow redirect: https://tools.ietf.org/html/rfc8555#section-8.3

    Let's Encrypt implements this follow redirect mechanism since 2018 or before: https://community.letsencrypt.org/t/i-must-turn-off-https-redirect-to-renew/70415/4

    Like
    • Hi chin 

       

      We plan to implement following of redirects.

      However, the ETA of it is unknown.

       

      Regards,

      Andriy

      Like 1
    • Hi chin

       

      We added support for following of redirects during the http challenge validation.

      It is now available in production and test environments.

       

      Regards,

      Andriy

      Like 1
    • fomm
    • fomm
    • 4 yrs ago
    • Reported - view

    Hi Buypass,

     

    Thanks for the new release to support 5 FQDNs now.

    I do notice that domains in puny code is not supported.

    I was getting below response when I was trying to get a certificate in puny code.

     

     Array (

        [type] => urn:ietf:params:acme:error:rejectedIdentifier

        [detail] => Domain is rejected as high-risk [code] => 403

        [message] => REJECTED_IDENTIFIER

        [details] => HTTP 403 Forbidden

     

    May I ask if you have any plan to allow certificates in puny code? I know there aren't too many people using utf-8 domains, it will still be nice for you to support it.

     

    Thank you.

    Like
    • Hi fomm 

       

      While we recognize that international domain names serve an important purpose, we are more concerned about their possible utilization in phishing attacks.

      We do support punycode, but only for western European characters.

       

      Regards,

      Andriy

      Like
  • Please add support for issuing S/MIME certificates using the RFC 8823 extension for ACME and EMAIL-01 validation. 

    Like 1
  • Hi  Venu Kakarla

    Thank you for your proposal.

    We do not currently issue S/MIME certificates, but if we should decide to do so, we will consider this.

    Regards

    Mads 

    Like
  • I have a couple of requests:

    1) Respect the 'Must Staple' extensions for the certificate. I believe at the moment, the certificate is issued, but without stapling enabled - ie the option is silently ignored.

    2) Add support for secp384r1 keys

    Like
    • Steven Haigh Thank you for the request. We will consider adding support for the topics in your request and will come back with more information later.

      Like
    • mkon Thanks for the reply!

      I believe at the moment it is not possible to validate IPv6 only hosts. Is this on the roadmap at all?

      Like 1
    • Steven Haigh Yes, but i have no timeframe right now.

      Like 2
Like1 Follow
  • 1 Likes
  • 1 yr agoLast active
  • 11Replies
  • 941Views
  • 11 Following

Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.

Sign-up using free email domains have been blocked due to increased spam. https://community.forumbee.com/t/63zsyt/blocked-email-domains