From 678e7f30dc693c8db8b546be6354247ef4c4e257 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Thu, 6 Nov 2025 18:15:39 +0000 Subject: [PATCH 1/3] Add tiny-acme --- tutorials/acme-protocol-acme-clients.mdx | 37 +++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/tutorials/acme-protocol-acme-clients.mdx b/tutorials/acme-protocol-acme-clients.mdx index 1a5dfe2a..c1314e1a 100644 --- a/tutorials/acme-protocol-acme-clients.mdx +++ b/tutorials/acme-protocol-acme-clients.mdx @@ -1,5 +1,5 @@ --- -updated_at: September 18, 2025 +updated_at: November 06, 2025 title: Configure popular ACME clients to use a private CA with the ACME protocol html_title: Configure ACME Clients with step-ca Tutorial description: Configure popular ACME clients with step-ca. Support for Certbot, acme.sh, and other ACME implementations for automated certificate management. @@ -97,6 +97,7 @@ Choose a renewal period that is two-thirds of the entire certificate's lifetime, * [Certbot](#certbot) * [acme.sh](#acmesh) * [lego](#lego) +* [tiny-acme](#tiny-acme) * [win-acme](#win-acme) * [Caddy v2](#caddy-v2) * [NGINX](#nginx) 
@@ -233,6 +234,40 @@ You can automate renewal with a simple `cron` entry: */15 * * * * root LEGO_CA_CERTIFICATES="$(step path)/certs/root_ca.crt" lego --email=you@example.com -d foo.internal --http renew ``` +### tiny-acme + +[acme-tiny][] is a minimalist ACME client that provides just what you need for automated certificate issuance—nothing more. +It's written in Python and is designed to be simple, auditable, and easy to understand. + +[acme-tiny]: https://github.com/diafygi/acme-tiny + +To get a certificate from `step-ca` using `acme-tiny` you need to: + +1. Point `acme-tiny` at your ACME directory URL using the `--directory-url` flag +2. Tell `acme-tiny` to trust your root certificate using the `REQUESTS_CA_BUNDLE` environment variable + +For example: + +```shell +REQUESTS_CA_BUNDLE=$(step path)/certs/root_ca.crt \ + python acme_tiny.py \ + --account-key account.key \ + --csr domain.csr \ + --acme-dir /var/www/challenges/ \ + --directory-url https://ca.internal/acme/acme/directory \ + > signed_chain.crt +``` + +`acme-tiny` uses the `http-01` challenge type, where it writes challenge files to a directory that your web server serves. You'll need to configure your web server to serve files from the directory specified by `--acme-dir`. + +You can automate renewal with a simple `cron` entry: + +```shell +0 0 * * * REQUESTS_CA_BUNDLE=$(step path)/certs/root_ca.crt python /path/to/acme_tiny.py --account-key /path/to/account.key --csr /path/to/domain.csr --acme-dir /var/www/challenges/ --directory-url https://ca.internal/acme/acme/directory > /path/to/signed_chain.crt 2>> /var/log/acme_tiny.log +``` + +Like with `certbot`, you'll want to adjust the renewal frequency based on your certificate lifetime. For `step-ca`'s default 24-hour certificate lifetimes, you may want to run renewals more frequently. + ### win-acme [win-acme][] (`wacs.exe`) is a popular ACME client for Windows. From a9b452b10c16776134cdb4c7db8cbd2b99492131 Mon Sep 17 00:00:00 2001 
From: Carl Tashian Date: Thu, 6 Nov 2025 20:03:14 +0000 Subject: [PATCH 2/3] Update tutorials/acme-protocol-acme-clients.mdx Co-authored-by: Herman Slatman --- tutorials/acme-protocol-acme-clients.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tutorials/acme-protocol-acme-clients.mdx b/tutorials/acme-protocol-acme-clients.mdx index c1314e1a..4f25d7e4 100644 --- a/tutorials/acme-protocol-acme-clients.mdx +++ b/tutorials/acme-protocol-acme-clients.mdx @@ -97,7 +97,7 @@ Choose a renewal period that is two-thirds of the entire certificate's lifetime, * [Certbot](#certbot) * [acme.sh](#acmesh) * [lego](#lego) -* [tiny-acme](#tiny-acme) +* [acme-tiny](#acme-tiny) * [win-acme](#win-acme) * [Caddy v2](#caddy-v2) * [NGINX](#nginx) From c17cc681a6ae17823e8c0ae087fef13b15387c5d Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Thu, 6 Nov 2025 20:03:20 +0000 Subject: [PATCH 3/3] Update tutorials/acme-protocol-acme-clients.mdx Co-authored-by: Herman Slatman --- tutorials/acme-protocol-acme-clients.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tutorials/acme-protocol-acme-clients.mdx b/tutorials/acme-protocol-acme-clients.mdx index 4f25d7e4..b48aeab5 100644 --- a/tutorials/acme-protocol-acme-clients.mdx +++ b/tutorials/acme-protocol-acme-clients.mdx @@ -234,7 +234,7 @@ You can automate renewal with a simple `cron` entry: */15 * * * * root LEGO_CA_CERTIFICATES="$(step path)/certs/root_ca.crt" lego --email=you@example.com -d foo.internal --http renew ``` -### tiny-acme +### acme-tiny [acme-tiny][] is a minimalist ACME client that provides just what you need for automated certificate issuance—nothing more. It's written in Python and is designed to be simple, auditable, and easy to understand.
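Review bot: in the `@@ -97,6 +97,7 @@` hunk of patch 1, the new list entry `* [tiny-acme](#tiny-acme)` inverts the project's name; the client is acme-tiny (the link target added in the same patch is `https://github.com/diafygi/acme-tiny`), so the entry should read `* [acme-tiny](#acme-tiny)` from the start. Since the list entry and the heading must stay in sync for the in-page anchor to resolve, rename both in this patch rather than in follow-up commits.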
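Review bot: in the `@@ -233,6 +234,40 @@` hunk of patch 1, `REQUESTS_CA_BUNDLE` almost certainly has no effect. That variable is read by the `requests` library, but acme-tiny is a dependency-free script that talks to the CA through `urllib.request`; the trust store for Python's default `ssl` context is taken from `SSL_CERT_FILE` (and `SSL_CERT_DIR`), so the shown invocation would fail TLS verification against a private CA and invite readers to "fix" it by disabling verification. Please confirm against the client's source and change both the bullet and the two examples to `SSL_CERT_FILE=$(step path)/certs/root_ca.crt` if that is the case. Two further problems in the cron line `0 0 * * * REQUESTS_CA_BUNDLE=... > /path/to/signed_chain.crt 2>> /var/log/acme_tiny.log`: first, a daily run contradicts the closing paragraph's own advice and the page's two-thirds rule, and with step-ca's 24-hour default lifetime it leaves no margin at all; unlike `lego ... renew`, acme-tiny has no renew-if-needed mode, every run issues a fresh certificate, so the schedule is the renewal interval and something like `0 */8 * * *` is needed. Second, `> /path/to/signed_chain.crt` truncates the live certificate before acme-tiny has produced anything, so any failure (CA down, challenge not served) leaves the server with an empty file; write to a temporary file and move it into place only on success, then reload the web server so it picks up the new chain. Minor points: the lego cron line above carries a `root` user field (an `/etc/crontab` line) while this one does not (a user crontab line), so pick one format for the page; the sentence about `--acme-dir` should say the files must be reachable at `http://<domain>/.well-known/acme-challenge/`, which is where the `http-01` validator looks; and the example assumes `account.key` and `domain.csr` already exist without showing how to create them, which the other client sections do.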
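Review bot: the `@@ -97,7 +97,7 @@` hunk of patch 2 changes the link target to `#acme-tiny` while the heading in the same file is still `### tiny-acme` until patch 3, so this commit on its own leaves a dangling anchor in the client list. Squash patches 2 and 3 together (or fold both into patch 1) so that every revision renders a working link.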