Automated Certificate Management Environment (ACME) Protocol

Created
2019-01-02
Last Updated
2019-03-13
Available Formats

XML

HTML

Plain text

Registries included below

ACME Account Object Fields

Registration Procedure(s)
Specification Required
Expert(s)
Richard Barnes
Reference
[RFC8555]
Available Formats

CSV
Field Name Field Type Requests Reference
status string new, account [RFC8555]
contact array of string new, account [RFC8555]
externalAccountBinding object new [RFC8555]
termsOfServiceAgreed boolean new [RFC8555]
onlyReturnExisting boolean new [RFC8555]
orders string none [RFC8555]

ACME Order Object Fields

Registration Procedure(s)
Specification Required
Expert(s)
Richard Barnes
Reference
[RFC8555]
Available Formats

CSV
Field Name Field Type Configurable Reference
status string false [RFC8555]
expires string false [RFC8555]
identifiers array of object true [RFC8555]
notBefore string true [RFC8555]
notAfter string true [RFC8555]
error string false [RFC8555]
authorizations array of string false [RFC8555]
finalize string false [RFC8555]
certificate string false [RFC8555]

ACME Authorization Object Fields

Registration Procedure(s)
Specification Required
Expert(s)
Richard Barnes
Reference
[RFC8555]
Available Formats

CSV
Field Name Field Type Configurable Reference
identifier object true [RFC8555]
status string false [RFC8555]
expires string false [RFC8555]
challenges array of object false [RFC8555]
wildcard boolean false [RFC8555]

ACME Error Types

Registration Procedure(s)
Specification Required
Expert(s)
Richard Barnes
Reference
[RFC8555]
Available Formats

CSV
Type Description Reference
accountDoesNotExist The request specified an account that does not exist [RFC8555]
alreadyRevoked The request specified a certificate to be revoked that has already been revoked [RFC8555]
badCSR The CSR is unacceptable (e.g., due to a short key) [RFC8555]
badNonce The client sent an unacceptable anti-replay nonce [RFC8555]
badPublicKey The JWS was signed by a public key the server does not support [RFC8555]
badRevocationReason The revocation reason provided is not allowed by the server [RFC8555]
badSignatureAlgorithm The JWS was signed with an algorithm the server does not support [RFC8555]
caa Certification Authority Authorization (CAA) records forbid the CA from issuing a certificate [RFC8555]
compound Specific error conditions are indicated in the "subproblems" array [RFC8555]
connection The server could not connect to validation target [RFC8555]
dns There was a problem with a DNS query during identifier validation [RFC8555]
externalAccountRequired The request must include a value for the "externalAccountBinding" field [RFC8555]
incorrectResponse Response received didn't match the challenge's requirements [RFC8555]
invalidContact A contact URL for an account was invalid [RFC8555]
malformed The request message was malformed [RFC8555]
orderNotReady The request attempted to finalize an order that is not ready to be finalized [RFC8555]
rateLimited The request exceeds a rate limit [RFC8555]
rejectedIdentifier The server will not issue certificates for the identifier [RFC8555]
serverInternal The server experienced an internal error [RFC8555]
tls The server received a TLS error during validation [RFC8555]
unauthorized The client lacks sufficient authorization [RFC8555]
unsupportedContact A contact URL for an account used an unsupported protocol scheme [RFC8555]
unsupportedIdentifier An identifier is of an unsupported type [RFC8555]
userActionRequired Visit the "instance" URL and take actions specified there [RFC8555]

ACME Resource Types

Registration Procedure(s)
Specification Required
Expert(s)
Richard Barnes
Reference
[RFC8555]
Available Formats

CSV
Field Name Resource Type Reference
newNonce New nonce [RFC8555]
newAccount New account [RFC8555]
newOrder New order [RFC8555]
newAuthz New authorization [RFC8555]
revokeCert Revoke certificate [RFC8555]
keyChange Key change [RFC8555]
meta Metadata object [RFC8555]

ACME Directory Metadata Fields

Registration Procedure(s)
Specification Required
Expert(s)
Richard Barnes
Reference
[RFC8555]
Available Formats

CSV
Field Name Field Type Reference
termsOfService string [RFC8555]
website string [RFC8555]
caaIdentities array of string [RFC8555]
externalAccountRequired boolean [RFC8555]

ACME Identifier Types

Registration Procedure(s)
Specification Required
Expert(s)
Richard Barnes
Reference
[RFC8555]
Available Formats

CSV
Label Reference
dns [RFC8555]

ACME Validation Methods

Registration Procedure(s)
Specification Required
Expert(s)
Richard Barnes
Reference
[RFC8555]
Available Formats

CSV
Label Identifier Type ACME Reference
http-01 dns Y [RFC8555]
dns-01 dns Y [RFC8555]
tls-sni-01 RESERVED N [RFC8555]
tls-sni-02 RESERVED N [RFC8555]