elct9620 / rails-letsencrypt

The Let's Encrypt certificate manager for rails
MIT License
130 stars 39 forks source link

Support different CA #32

Open espen opened 2 years ago

espen commented 2 years ago

Have you considered supporting different CAs? I don't know so much about ACME works but it seems to be it should be just switching the URL? Then again I don't know ACME so I could be wrong here. So https://zerossl.com could be supported? I guess it would require some naming changes in this gem though :)

btw this gem looks great. I was hoping not to use it though as I would prefer to outsource cert handling (using ZeroSSL REST API - but they do not give out the private key in the API), so if I have to implement it this gem looks like a very good option.

elct9620 commented 2 years ago

If the Let's Encrypt API is implemented, I think it can support other providers. I had read the ZeroSSL a few years ago, I think I didn't try to support it because I have a similar problem you are mentioned.

espen commented 2 years ago

It is my understanding that both Let's Encrypt and ZeroSSL have the same ACME API. There seems to be some authentication differences that will be supported in acme-client soon: https://github.com/unixcharles/acme-client/pull/210

When that is supported it should be sufficient for this gem to offer a way to change the endpoint as well as supplying the additional required credentials needed for zerossl.