ACME protocol support.

1 vote


Relatively new Devolutions customer here. During our setup I had to generate several self-signed certificates for the Devolutions Server and a handful of gateways. I would have preferred to use signed certificates, but managing and rotating them is untenable with how much work I have going on. Something that would be a great boon to DVLS and Gateway would be ACME support, to enable the automation of signed certs via Let's Encrypt, DigiCert, or other CAs that support the protocol.

Regards,

Zack.

All Comments (1)


Hi,

If you were to pick between DVLS and Devolutions Gateway for ACME support, which one would you rather have first?

I'm asking because automatic certificate renewal through ACME is normally done inside the reverse proxy, if there is one, but also because DVLS and Devolutions Gateway are two separate servers implemented in C# and Rust.

In your deployment, would it make sense to assume Devolutions Gateway is deployed in a way that the ACME protocol with the HTTP challenge could be used to automatically obtain certificates from Let's Encrypt? This would be the simplest to implement, but it requires public DNS with a public IP, and HTTP on TCP/80 being accessible.

Otherwise we'd have to look into the ACME DNS challenge and that's an entirely different "challenge" given that it requires authentication with the DNS provider you are using to perform.

Please elaborate on the kind of ACME challenge you'd need to use, which CA (Let's Encrypt, or a private CA that supports ACME?), and how you'd envision a complete ACME certificate fetching and renewal flow.

Best regards,

Marc-André Moreau
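To make the difference between the two challenge types concrete, here is an added worked example (not Devolutions code, and not part of either post above) of what an ACME client has to produce for the HTTP-01 and DNS-01 challenges from RFC 8555, and what the CA then compares against. The account key, the token and the domain are constructed sample values; the JWK modulus is a placeholder string, not a real key, which is fine because only the RFC 7638 thumbprint computation over it matters here. The example also includes the token sanity check an ACME client should perform before turning a CA-supplied token into a URL path.

```python
"""Worked ACME (RFC 8555) challenge-response computation.

Added example, not Devolutions code. It shows what an ACME client such as a
future DVLS/Gateway integration would have to produce for the two challenge
types discussed above, and what the CA then checks:

  http-01  ->  GET http://<domain>/.well-known/acme-challenge/<token> on TCP/80
               must return  <token>.<JWK thumbprint>
  dns-01   ->  TXT record at _acme-challenge.<domain> must contain
               base64url(SHA-256(<token>.<JWK thumbprint>))

Stdlib only. The account key and token are constructed sample values.
"""
import base64
import hashlib
import json
import re

# Constructed sample ACME account public key (JWK). The modulus is a
# placeholder, not a real RSA key; only its shape matters for the thumbprint.
SAMPLE_ACCOUNT_JWK = {
    "kid": "acct-example",          # ignored by the thumbprint (RFC 7638)
    "kty": "RSA",
    "alg": "RS256",                 # also ignored by the thumbprint
    "n": "sample-modulus-base64url-NOT-A-REAL-KEY",
    "e": "AQAB",
}

# Constructed sample token, shaped like the one a CA returns in a challenge.
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

# RFC 8555 section 8.3: the token is base64url without padding. A client must
# reject anything else before building a filesystem path or URL from it.
_TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")

# RFC 7638: the members that go into the thumbprint, per key type. The
# canonical JSON sorts them lexicographically with no whitespace.
_THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as ACME and JOSE use throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: base64url(SHA-256(canonical JSON of required members))."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.1: keyAuthorization = token || '.' || thumbprint."""
    if not _TOKEN_RE.match(token):
        raise ValueError("token is not base64url; refusing to use it")
    return f"{token}.{jwk_thumbprint(jwk)}"


def http01_response(token: str, jwk: dict) -> tuple:
    """(path, body) the client must serve over plain HTTP on port 80."""
    keyauth = key_authorization(token, jwk)
    return f"/.well-known/acme-challenge/{token}", keyauth


def dns01_txt_value(token: str, jwk: dict) -> str:
    """TXT record value for _acme-challenge.<domain> (RFC 8555 section 8.4)."""
    keyauth = key_authorization(token, jwk)
    return b64url(hashlib.sha256(keyauth.encode("utf-8")).digest())


def ca_validates_http01(served_body: str, token: str, jwk: dict) -> bool:
    """What the CA does after fetching the challenge URL: exact-match comparison."""
    return served_body.strip() == key_authorization(token, jwk)


if __name__ == "__main__":
    path, body = http01_response(SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK)
    print("http-01: serve", path, "with body", body)
    print("dns-01 : TXT _acme-challenge.example.test =",
          dns01_txt_value(SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK))
```

The two helper outputs map directly onto the deployment constraints raised in the comment: `http01_response` only proves control of a name if the CA can reach that path on TCP/80 over the public Internet, whereas `dns01_txt_value` needs nothing exposed on the host but does require credentials that can write a TXT record at the DNS provider, which is the authentication problem mentioned above. Renewal is the same computation repeated with a fresh token before the current certificate expires.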