
Show HN: Step-ca is a self-hosted open-source CA that supports ACME - mmalone
https://github.com/smallstep/certificates
======
mmalone
We just added ACME support to `step-ca`, an open source private certificate
authority that I work on. ACME is the protocol that Let's Encrypt uses to
automate certificate management for websites.

ACME support in `step-ca` means you can leverage existing ACME clients and
libraries to get certificates from your own private certificate authority
(CA). This is particularly useful for:

* Using ACME in production to issue certificates to workloads, proxies, queues, databases, etc. so you can use mutual TLS for authentication & encryption.

* Simulating Let’s Encrypt’s CA in dev & pre-production in scenarios where connecting to Let’s Encrypt’s staging server is problematic.

We're supporting the `http-01` and `dns-01` challenge types, so you should be
able to get certs using any ACMEv2 client that supports one of these (most
do).

* More info and examples on our blog: [https://smallstep.com/blog/private-acme-server/](https://smallstep.com/blog/private-acme-server/)

* step-ca is on GitHub: [https://github.com/smallstep/certificates](https://github.com/smallstep/certificates)

We've been working on this for a while so we're psyched to release it and see
how people use it! Let us know what you think!

