[RFC9773] ACME Renewal Information (ARI) Extension #7

@bavshin-f5

Feature Overview

Support RFC 9773 as a lightweight process for querying the ACME server about the certificate status and the best renewal window.

We don't intend to implement OCSP stapling for ACME-issued certificates, both due to the implementation difficulties in NGINX and due to the support being phased out by Let's Encrypt. Nor are we willing to implement periodic downloads of a humongous CRL database split into multiple files.

Limiting the revocation checks and forced reissuance to the regular renewal process at 2/3 of the cert lifetime is a bad option though, so ARI should fill that niche.

Alternatives Considered

No response

Additional Context

No response
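
To illustrate the request above, here is an added example (not part of the issue and not the project's code) of how an ARI answer can override the 2/3-of-lifetime rule. The function names are hypothetical, and `fraction` stands in for the uniformly random point a client picks inside the suggested window.

```python
import base64
import json
from datetime import datetime, timezone


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def ari_cert_id(aki_key_id: bytes, serial_der: bytes) -> str:
    # RFC 9773 certificate identifier, appended to the server's renewalInfo URL:
    # base64url(AKI keyIdentifier) "." base64url(DER serial number bytes)
    return b64url(aki_key_id) + "." + b64url(serial_der)


def _ts(value: str) -> datetime:
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        raise ValueError("timestamp without UTC offset")
    return parsed


def next_renewal(not_before, not_after, now, ari_body=None, fraction=0.5):
    """Return (renewal time, source); `fraction` stands in for a random draw."""
    fallback = not_before + (not_after - not_before) * 2 / 3
    try:
        window = json.loads(ari_body)["suggestedWindow"]
        start, end = _ts(window["start"]), _ts(window["end"])
        if end <= start:
            raise ValueError("empty or inverted window")
    except (TypeError, KeyError, ValueError, AttributeError):
        return fallback, "fallback"  # no usable ARI answer: keep the 2/3 rule
    chosen = start + (end - start) * fraction
    if chosen <= now:
        return now, "ari-immediate"  # selected time already passed: renew now
    return chosen, "ari"


if __name__ == "__main__":
    utc = timezone.utc
    issued, expires = datetime(2025, 1, 1, tzinfo=utc), datetime(2025, 4, 1, tzinfo=utc)
    now = datetime(2025, 1, 20, tzinfo=utc)
    # Constructed response: the CA moved the window into the past (e.g. revocation).
    body = '{"suggestedWindow": {"start": "2025-01-10T00:00:00Z", "end": "2025-01-11T00:00:00Z"}}'
    print(ari_cert_id(bytes.fromhex("69885b6b87464041e1b37b847ba0ae2cde01c8d4"),
                      bytes.fromhex("0087654321")))
    print(next_renewal(issued, expires, now))        # 2/3 rule alone
    print(next_renewal(issued, expires, now, body))  # ARI forces early renewal
```

With the 2/3 rule alone, the sample certificate would not be touched until day 60 of its 90-day lifetime; the constructed ARI response moves that to the moment of the check.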
