
ACME Renewal Information (ARI) Extension

Open lukastribus opened this issue 1 year ago • 1 comments

Hello,

this is a feature request for:

Automated Certificate Management Environment (ACME) Renewal Information (ARI) Extension https://www.ietf.org/archive/id/draft-ietf-acme-ari-02.html

This extension allows CAs to inform the ACME client that a renewal is necessary earlier than normal, for example due to an upcoming mass revocation:

For example, a CA could suggest that clients renew prior to a mass-revocation event to mitigate the impact of the revocation

For example, this would cover various mass revocation events like: https://github.com/acmesh-official/acme.sh/issues/4936

The alternative is that CAs need to email their users, who then have to --renew --force the affected certs.

Current status in other projects:

  • Let's Encrypt and Google Trust Services CAs already support ARI
  • Buypass CA will implement this within 4 months: https://bugzilla.mozilla.org/show_bug.cgi?id=1872738
  • Client implementations include Lego, eggsampler, ACMEz, and win-acme.

I believe this would be a good addition to the client.

Lukas

lukastribus, Jan 08 '24 22:01
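
An added sketch, not part of the issue and not acme.sh code, of the client-side decision the request above asks for: read the suggestedWindow from a renewalInfo response, pick a random time inside it, and renew early if that time is already past or falls before the next scheduled run. The field names follow the linked ARI draft; the sample response, the function names and the once-a-day cron schedule are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not acme.sh code. Function names are hypothetical.
# Constructed sample renewalInfo body; field names follow the ARI draft.
ARI_SAMPLE='{"suggestedWindow":{"start":"2024-01-02T04:00:00Z",
  "end":"2024-01-03T04:00:00Z"},"explanationURL":"https://ca.example/ari"}'

# ari_field JSON KEY: print the string value of KEY (flat regex match, no jq).
ari_field() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# rfc3339_to_epoch TS: UTC "Z" timestamps only; fractional seconds dropped.
rfc3339_to_epoch() {
  t=${1%Z}; [ "$t" != "$1" ] || return 1
  d=${t%%T*}; c=${t#*T}; c=${c%%.*}
  y=${d%%-*}; m=${d#*-}; m=${m%%-*}; dd=${d##*-}
  H=${c%%:*}; M=${c#*:}; M=${M%%:*}; S=${c##*:}
  m=${m#0}; dd=${dd#0}; H=${H#0}; M=${M#0}; S=${S#0}  # avoid octal parsing
  if [ "$m" -le 2 ]; then y=$((y - 1)); mp=$((m + 9)); else mp=$((m - 3)); fi
  era=$((y / 400)); yoe=$((y - era * 400))
  doy=$(( (153 * mp + 2) / 5 + dd - 1 ))
  doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
  echo $(( (era * 146097 + doe - 719468) * 86400 + H * 3600 + M * 60 + S ))
}

# ari_pick START END: random epoch in [START, END) (slight modulo bias).
ari_pick() {
  r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
  echo $(( $1 + $r % ($2 - $1) ))
}

# ari_check JSON NOW NEXT_RUN: print "renew" or "wait"; return 1 if the
# window is missing or malformed so the caller keeps its normal schedule.
ari_check() {
  s=$(rfc3339_to_epoch "$(ari_field "$1" start)") || return 1
  e=$(rfc3339_to_epoch "$(ari_field "$1" end)") || return 1
  [ "$e" -gt "$s" ] || return 1
  p=$(ari_pick "$s" "$e")
  # A cron-driven client cannot sleep until $p, so renew now if the picked
  # time is already past or falls before the next scheduled run.
  if [ "$p" -le "$2" ] || [ "$p" -lt "$3" ]; then echo renew; else echo wait; fi
}

now=$(date +%s)
ari_check "$ARI_SAMPLE" "$now" "$((now + 86400))"  # sample window is past: renew
```

A "wait" result means the client should fetch renewalInfo again on its next run, since the CA can move the window at any time.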

Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

github-actions[bot], Jan 08 '24 22:01