Thomas Ottenhus

Are you able to provide a whole log of both the ACME and the Appliance? Email will do - I'd like to understand the process and _when_ it fails. Regarding...

Besides the error described here, there might be an error state, when clients wanted to use set-account - it's been resolved

Gude, die Schnittstelle von Apple nutzt AFAIK das bisher nicht endgültig in einen Standard gegossene "device-attest-01" (https://www.ietf.org/archive/id/draft-acme-device-attest-02.html) Die IANA listet das bisher nicht als "offizielle" Methoden für einen ACME Server...

Eventuell abbildbar mit V3 / Email + Device weiterhin problematisch. Dennoch schließe ich das Issue, da die Entwicklung für den device-attest in einem anderen getrackt wird.

Currently only dns identifiers are supported, but this one looks rather simple to do. So I'd say yes - possible and will be implemented in the future.

https://github.com/glatzert/ACME-Server-ADCS/releases/tag/V3.0.0-alpha1 now implements RFC 8738. It's not tested on a server yet, but it feels promising, since it's not too far from dns with http-01

I just release alpha2, which also has a test supporting that IPv4 and v6 are now properly validated during CSR/SAN validation

This is done and together with profile support is configurable in 3.0.0. I'll publish a new build in some days.

It's intentionally written to exclude education providers taking more than some "adminsitration fee". If you like I can be more precise with that in the licence, by specifically excluding "pay...