Implement a general-purpose ACME client for certificate authorities other than Let's Encrypt
Currently, it is only possible to automatically renew certificates issued by Let's Encrypt. Certificates from other CA's have to be updated manually even if they support ACME protocol, so it would be useful to have a module that could renew all certificates.
Thank you for your input. We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
—
IG
-
Fabian van Koppen commented
Seconded. We are considering using Plesk, but are hung up on the lack of this feature.
-
Jan Pieter Kunst commented
This would be a great feature.
Manually renewing Sectigo certifcates when you have hundreds of domains in Plesk is time consuming and tedious. -
Plesk Tech Support commented
Automate the SSL certificate renewal process using Sectigo certificates.
So far, the process of renew a Sectigo SSL certificate on Plesk is the following:
1. First generate a private key and CSR.
2. Then we use the Sectigo portal to obtain a signed certificate.
3. Then an admin has to manually place the certificate in the right location and restart the service.
Do this every 12 months, maybe with tens or thousands of domains can be strenuous work.
Sectigo, like Let's Encrypt, offers the ACME protocol
It might be possible to modify Let's Encrypt plugin parameters to accomodate it for Sectigo ACME.
-
Caleb Fong commented
Even w/o popularity this should be considered as the life span of SSL certs drops down to 398 days ( one year plus grace period) - Safari/Apple will roll this change out on September 1, 2020 -, this will become a pain point that you can get ahead of.
-
Caleb Fong commented
Let's Encrypt is a fantastic system. It has changed the landscape of SSL certs to the point that DigiCert now offers an ACME API endpoint[1]. This is currently a beta feature, but this would be invaluable to hosts and webmasters.
Consider a world where the only major concern is, is there active funding for the cert? The rest will be handled by the ACME bot of choice. This removes the possibility of the cert not being added or unavailable to browsers.
[1]: https://docs.digicert.com/certificate-tools/acme-user-guide/