Use the `email` configuration in the ACME issuer to "pin" an account to a key

caddyserver / certmagic

Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal

https://pkg.go.dev/github.com/caddyserver/certmagic?tab=doc

Apache License 2.0

5k stars 289 forks source link

Use the `email` configuration in the ACME issuer to "pin" an account to a key #283

Closed ankon closed 5 months ago

ankon commented 5 months ago

When the issuer is configured with both an email and key material, these should match -- but that also means we can use the email information to predict the key-key, skipping the potentially expensive storage.List operation.

ankon commented 5 months ago

Mostly for tracking: This PR is against master, but we're actually still using 0.20.0 (no ACME v2). I have a separate branch for that at https://github.com/framer/certmagic/tree/use-account-email-to-pin_0.20.0, the code changes are identical.