Validation plugins
A validation plugin is responsible for providing the ACME server with proof that you own the identifiers (host names) that you want to create a certificate for. The ACMEv2 protocol defines different challenge types, three of which are supported by simple-acme. For wildcard identifiers, only DNS-01 validation is accepted by Let’s Encrypt.
Supported challenge types
The following challenge types are supported by simple-acme. Various plugins exist to automate handeling the challenge. E.g. the file required for HTTP-01 validation may be placed on the local filesystem or uploaded via FTP, and the DNS record required for DNS-01 validation may be created at different providers.
| HTTP-01 | Serve a text file on port 80 | |
| DNS-01 | Create a TXT record in the DNS | |
| TLS-ALPN-01 | Present self-siged certificate on port 443 |
Special purpose tools
| Custom script | Perform validation challenge with your own script |
| Manual | Perform validation challenge manually (auto-renew not possible) |
| None | Certificate(s) are pre-authorized outside of simple-acme |
Unsupported challenge types
| TLS-SNI-01/-02 | Deprecated and removed | |
| PROOFOFPOSSESSION-01 | Unsupported |
Settings
Validation.DefaultValidation |
Default validation plugin.
Type: string Default: null (equivalent to "selfhosting", with "filesystem" as backup for unprivileged users.)
|
|
|---|---|---|
Validation.DefaultValidationMode |
Default validation method.
Type: string Default: null (equivalent to "http-01")
|
Looking for win-acme?
simple-acme is a backwards compatible, drop-in replacement built by the same person. Project history.