Integration with ACME
Created by: vanrein
It has long been difficult to roll certificates, but the ACME specification is finally making it happen. It's the protocol adopted by the Let's Encrypt service.
It would be good to integrate this facility with the TLS Pool, so we can set up keys in PKCS #11 (closed) and certificates in the databases and roll them automatically. This has been the purpose all along, but the link to ACME must still be built.
The best validation option appears to be the TLS SNI Validation Challenge, which requires setting up an A and/or AAAA record in DNS and responding to the corresponding SNI. We should be careful, however, that this is not strictly a solution for HTTP but is usable for any and all protocols. That is the only condition under which the TLS Pool could incorporate ACME, because it deliberately does not make a protocol choice.
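As an added illustration (not TLS Pool code), the following derives the SNI name a server must answer in the ACME `tls-sni-01` challenge from the challenge token and the account key, and checks a presented certificate's SAN list against it; the JWK values are constructed placeholders, not a real key.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME/JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required public members,
    serialised as compact JSON with keys in lexicographic order."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """ACME key authorization: token '.' thumbprint(account key)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def tls_sni_01_name(token: str, account_jwk: dict) -> str:
    """tls-sni-01: Z = lowercase hex SHA-256 of the key authorization;
    the server must present a self-signed cert with dNSName
    Z[0:32].Z[32:64].acme.invalid when that name arrives as SNI."""
    z = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).hexdigest()
    return f"{z[:32]}.{z[32:]}.acme.invalid"

def sni_response_is_valid(token: str, account_jwk: dict, presented_sans) -> bool:
    """Validator side: the expected name must be among the certificate's
    dNSName SANs (hostnames are case-insensitive, so normalise)."""
    expected = tls_sni_01_name(token, account_jwk)
    return expected in {san.lower() for san in presented_sans}

# Constructed sample inputs (not a real account key or server token).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

if __name__ == "__main__":
    name = tls_sni_01_name(SAMPLE_TOKEN, SAMPLE_JWK)
    print("expected SNI / SAN:", name)
    print("valid:", sni_response_is_valid(SAMPLE_TOKEN, SAMPLE_JWK, [name]))
```

Note that the challenge validator only ever connects to the address from the A/AAAA record for the real hostname and sends the `.acme.invalid` name as SNI; the server must serve that name from the same listener as its normal traffic, which is what keeps the method protocol-agnostic.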