ACME Client—Certbot
Certbot is a common ACME client that is frequently used with the Keyfactor ACME server. Find information about installing and running Certbot on the following web site:
Running Certbot from a Linux server, you can perform the following integrated activities with Keyfactor ACME:
- Get an account
- Request a certificate
- Renew a certificate
ACME Client—win-acme
- The win-acme settings.json file needs to be updated to point at the Keyfactor ACME server, as it defaults to Let's Encrypt's APIs.
- The win-acme settings.json RSA key size is 3072 by default, which may not be compatible with typical Active Directory certificate templates or Keyfactor Command settings. Depending on existing configuration, this might need to be changed to 2048 or 4096 for enrollment to succeed.
- Win-acme is very noisy about HTTP NotFound errors, giving the perception of errors though nothing is actually wrong.
- The win-acme renewal process uses an API cache that can be unintuitive and may not work correctly with very short lifetime certificates. This behavior can be overridden with the wacs.exe --nocache and --force options if needed.
- Win-acme uses the Windows certificate store for certificate and key storage and doesn't have the same unattended renewal issues that Windows Certbot had around file permissions not being set correctly or the job not running.
- There is a known issue with HTTP-01 validation against the Keyfactor ACME server not working correctly.
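The two settings.json notes above (the directory URL still pointing at Let's Encrypt, and the 3072-bit default RSA key size) are easy to miss until enrollment fails. The following is an added example, not win-acme or Keyfactor code, of a small pre-flight audit for a win-acme settings.json. It assumes the `Acme.DefaultBaseUri` and `Security.RSAKeyBits` keys used by recent win-acme releases (verify against your installed version), and the Keyfactor ACME directory URL `https://acme.example.internal/acme/directory` is a placeholder.

```python
"""Audit a win-acme settings.json before pointing it at a Keyfactor ACME server.

Added example, not part of win-acme or Keyfactor. Assumes the settings.json
layout Acme.DefaultBaseUri / Security.RSAKeyBits (check your win-acme version).
"""
import copy
import json
from urllib.parse import urlparse

# Hostnames of Let's Encrypt's production and staging directories; a URL on
# one of these means settings.json was never changed from the default.
LETSENCRYPT_HOSTS = (
    "acme-v02.api.letsencrypt.org",
    "acme-staging-v02.api.letsencrypt.org",
)

# Key sizes the page lists as compatible with typical AD templates /
# Keyfactor Command settings.
ACCEPTABLE_RSA_BITS = (2048, 4096)

# Constructed sample mirroring a default settings.json (assumed layout).
DEFAULT_SETTINGS = {
    "Acme": {"DefaultBaseUri": "https://acme-v02.api.letsencrypt.org/"},
    "Security": {"RSAKeyBits": 3072, "PrivateKeyExportable": False},
}


def audit_settings(settings, acme_server_url, rsa_bits=2048):
    """Return (corrected_settings, findings) without mutating the input.

    acme_server_url: the Keyfactor ACME directory URL to point win-acme at.
    rsa_bits: key size to apply when the configured one is not acceptable.
    """
    if rsa_bits not in ACCEPTABLE_RSA_BITS:
        raise ValueError(f"rsa_bits must be one of {ACCEPTABLE_RSA_BITS}")
    if urlparse(acme_server_url).scheme != "https":
        # ACME account keys and orders must not travel over plain HTTP.
        raise ValueError("acme_server_url must use https")

    fixed = copy.deepcopy(settings)
    findings = []

    acme = fixed.setdefault("Acme", {})
    base_uri = acme.get("DefaultBaseUri") or ""
    host = urlparse(base_uri).hostname or ""
    if not base_uri or host in LETSENCRYPT_HOSTS:
        findings.append(
            f"DefaultBaseUri is {base_uri or '<unset>'!r} (Let's Encrypt default); "
            f"set to {acme_server_url}"
        )
        acme["DefaultBaseUri"] = acme_server_url

    security = fixed.setdefault("Security", {})
    bits = security.get("RSAKeyBits")
    if bits not in ACCEPTABLE_RSA_BITS:
        findings.append(
            f"RSAKeyBits is {bits!r}; not in {ACCEPTABLE_RSA_BITS}, set to {rsa_bits}"
        )
        security["RSAKeyBits"] = rsa_bits

    return fixed, findings


def audit_file(path, acme_server_url, rsa_bits=2048, write=False):
    """Audit settings.json on disk; optionally write the corrected file back."""
    with open(path, encoding="utf-8") as fh:
        settings = json.load(fh)
    fixed, findings = audit_settings(settings, acme_server_url, rsa_bits)
    if write and findings:
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(fixed, fh, indent=2)
    return findings


if __name__ == "__main__":
    # Run against the constructed sample; replace with audit_file(r"C:\...\settings.json", ...)
    corrected, notes = audit_settings(
        DEFAULT_SETTINGS, "https://acme.example.internal/acme/directory"
    )
    for note in notes:
        print("FINDING:", note)
    print(json.dumps(corrected, indent=2))
```

Run it once before the first `wacs.exe` enrollment; an empty findings list means the directory URL and key size already match the notes above, and anything else is printed with the correction that was applied to the returned copy.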