ACMEz is a lightweight, fully-compliant RFC 8555 (ACME) implementation that provides an API for getting certificates. ACMEz is suitable for large-scale enterprise deployments. It also supports common IETF-standardized ACME extensions.
This module has two primary packages:
acmez is a high-level wrapper for getting certificates. It implements the ACME order flow described in RFC 8555 including challenge solving using pluggable solvers.
acme is a low-level RFC 8555 implementation that provides the fundamental ACME operations, mainly useful if you have advanced or niche requirements.
Main features:
Go API that is thoroughly documented with spec citations.
Structured error values (problems as defined in RFC 7807.)
Smart retries (resilient against network and server hiccups.)
Challenge plasticity (randomized challenges, and will retry others if one fails.)
Context cancellation (suitable for high-frequency config changes or reloads.)
Highly flexible and customizable.
External Account Binding (EAB) support.
Tested with numerous ACME CAs (more than just Let's Encrypt.)
Implements niche aspects of RFC 8555 (such as alt cert chains and account key rollover.)
Efficient solving of large SAN lists (e.g. for slow DNS record propagation.)
Utility functions for solving challenges: device attestation challenges (draft-acme-device-attest-02), RFC 8737 (tls-alpn-01 challenge), RFC 8823 (email-reply-00 challenge; S/MIME.)
ACME Renewal Information (ARI) support (draft-ietf-acme-ari-03.)
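
To make the "structured error values" and "smart retries" items concrete, here is an added example (not ACMEz's own code) that decodes an ACME error response as an RFC 7807 problem document using only the Go standard library. The names `Problem`, `Kind`, `Retryable`, `Rejected` and `Parse` are hypothetical and do not reflect the library's API; the JSON in `main` is a constructed sample.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Problem is an RFC 7807 problem document with ACME subproblems (RFC 8555 section 6.7.1).
type Problem struct {
	Type       string `json:"type"`
	Identifier *struct {
		Value string `json:"value"`
	} `json:"identifier"`
	Subproblems []Problem `json:"subproblems"`
}

// Kind strips the ACME URN prefix; it is "" for non-ACME problem types.
func (p Problem) Kind() string {
	const ns = "urn:ietf:params:acme:error:"
	if strings.HasPrefix(p.Type, ns) {
		return strings.TrimPrefix(p.Type, ns)
	}
	return ""
}

// Retryable: badNonce means "retry with a fresh nonce" (RFC 8555 section 6.5).
func (p Problem) Retryable() bool { return p.Kind() == "badNonce" }

// Rejected maps each identifier named in a subproblem to its error kind.
func (p Problem) Rejected() map[string]string {
	out := map[string]string{}
	for _, sp := range p.Subproblems {
		if sp.Identifier != nil {
			out[sp.Identifier.Value] = sp.Kind()
		}
	}
	return out
}

// Parse decodes the JSON body of an ACME error response.
func Parse(body []byte) (Problem, error) {
	var p Problem
	err := json.Unmarshal(body, &p)
	return p, err
}

func main() { // decodes a constructed sample response, not one captured from a real CA
	p, _ := Parse([]byte(`{"type":"urn:ietf:params:acme:error:malformed","subproblems":[{"type":"urn:ietf:params:acme:error:rejectedIdentifier","identifier":{"type":"dns","value":"example.net"}}]}`))
	fmt.Println(p.Kind(), p.Retryable(), p.Rejected())
}
```

Because the error is a typed value rather than a string, a caller can retry only the `badNonce` case and report per-identifier rejections for a large SAN list without parsing message text.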