ACMEv2 protocol officially became IETF Standard (RFC 8555)

On March 11th, Let’s Encrypt announced on its official website that ACME has officially become an IETF standard (RFC 8555).

The Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating interactions between certificate authorities and their users’ web servers, allowing the automated deployment of public key infrastructure at very low cost. It was designed by the Internet Security Research Group (ISRG) for their Let’s Encrypt service.

The protocol, based on passing JSON-formatted messages over HTTPS, has been published as an Internet Draft by its own chartered IETF working group.

Let’s Encrypt said that a standardized protocol for certificate issuance and management has always been its dream, that the dream is now finally realized, and that this is also meaningful to the industry. Let’s Encrypt wrote:

Having a standardized protocol for certificate issuance and management is important for two reasons. First, it improves the quality of the software ecosystem because developers can focus on developing great software for a single protocol, instead of having many pieces of less well maintained software for bespoke APIs. Second, a standardized protocol makes switching from one CA to another easier by minimizing technical dependency lock-in.

Let’s Encrypt said that ACMEv1 will reach end of life soon. The plan is as follows:

In November of 2019 we will stop allowing new account registrations through our ACMEv1 API endpoint. Existing accounts will continue to function normally.

In June of 2020 we will stop allowing new domains to validate via ACMEv1.

Starting at the beginning of 2021 we will occasionally disable ACMEv1 issuance and renewal for periods of 24 hours, no more than once per month (OCSP service will not be affected).