
The Everything Feed - All Packet Pushers Pods PP086: Using Let’s Encrypt and the ACME Protocol for Domain Validation Certificates
Nov 11, 2025
In this engaging discussion, Ed Harmoush, a former AWS and Rackspace network engineer and creator of Practical Networking, dives into the world of Let's Encrypt and the ACME protocol. He shares insights on the importance of automating domain validation certificates and the positive impact of Let's Encrypt on HTTPS adoption. Ed explains the roles of ACME clients and servers and how they streamline the certificate issuance process. He also emphasizes why reducing certificate validity periods is crucial in today's security landscape, making automation an essential part of network management.
AI Snips
Always Prime ACME With A Nonce
- Make sure your ACME client fetches a nonce before it sends any signed request; the nonce is what protects the exchange against replay attacks.
- Let the client handle nonce sequencing so that the request/response flow stays secure.
ACME Accounts Use Keypairs, Not Passwords
- ACME accounts are keyed to a public/private key pair and group your certificate requests for automation.
- The account key signs subsequent ACME requests but doesn't itself identify you as a person.
Specify All Domains In The New Order
- When creating a new ACME order, list every domain and wildcard you need in the request.
- Expect one authorization URL per domain; that is where the validation process begins.
