Why does my https site no longer have an old-school cert?

  • In 2023, the author wrote about having an "old-school cert" on the https site. Things have changed and it's time to address why.
  • The author was aware of the ACME protocol since 2018 but was horrified by it. Many existing clients are scary code and the author didn't want to run them.
  • The author was stuck between not wanting to deal with the protocol and not wanting to allow existing project code. Over time, they cracked some barriers by ripping into existing projects to understand the spec.
  • About six months ago, the author decided to move away from Gandi as a registrar and SSL provider. This led to the problem of dealing with the rbtb certificate and whether to pay more or deal with ACME.
  • The author overcame their disgust for the protocol by writing small utility functions and libraries. They went through dead-ends but made progress by doing small pieces of work that connected.
  • They discovered a "pebble" test server to practice implementing a client without bothering real CAs. After a lot of work, they had a tool that could generate a certificate.
  • The author shared their original thoughts on implementing the protocol, including making RSA keys, CSRs, and dealing with various JSON and encoding operations.
  • They also mentioned that their program no longer works exactly like this but this is where it started. So far, they have covered various aspects of the protocol but there is more to come.
  • Randomly, the author found that at least one existing ACME client screws up the encoding of the publicExponent.
  • The author thinks this complexity must be job security for someone.
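The publicExponent encoding problem mentioned above, as an added example that is not the author's code: in the JWK an ACME client sends, the RSA "n" and "e" members use the Base64urlUInt encoding of RFC 7518, big-endian with no leading zero octets, so 65537 must encode as "AQAB"; padding the exponent to a fixed four bytes yields "AAEAAQ", which a strict CA rejects or mis-parses. The page does not say exactly how the client in question got it wrong, so the fixed-width variant shown here is an assumption about the bug. The same JWK then feeds the RFC 7638 thumbprint and the ACME key authorization (RFC 8555), using a constructed toy modulus rather than a real key.

```python
import base64
import hashlib
import json

# Constructed toy values: NOT a real RSA modulus, only here so the block runs offline.
N_TOY = 0xB5A90A9F2F4C5E1D
E_COMMON = 65537


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JOSE (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def base64url_uint(value: int) -> str:
    """Base64urlUInt (RFC 7518 s.2): big-endian, minimal length, no leading zero octets.
    Zero is encoded as the single octet 0x00 ("AA")."""
    if value < 0:
        raise ValueError("Base64urlUInt only represents non-negative integers")
    length = max(1, (value.bit_length() + 7) // 8)
    return b64url(value.to_bytes(length, "big"))


def base64url_uint_fixed_width(value: int, width: int = 4) -> str:
    """The mistake (assumed form of the bug): emitting the exponent at a fixed width,
    which leaves leading zero octets in the encoding."""
    return b64url(value.to_bytes(width, "big"))


def decode_base64url_uint(text: str) -> int:
    """Inverse of base64url_uint; restores the padding base64 needs before decoding."""
    padded = text + "=" * (-len(text) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")


def rsa_public_jwk(n: int, e: int) -> dict:
    """Public JWK for an RSA key, the shape an ACME client puts in its JWS header."""
    return {"kty": "RSA", "n": base64url_uint(n), "e": base64url_uint(e)}


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, keys in lexicographic order,
    no whitespace, then base64url without padding."""
    required = {"RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """ACME key authorization (RFC 8555 s.8.1): challenge token, '.', account key thumbprint."""
    return f"{token}.{jwk_thumbprint(jwk)}"


if __name__ == "__main__":
    print("correct e  :", base64url_uint(E_COMMON))
    print("wrong e    :", base64url_uint_fixed_width(E_COMMON))
    jwk = rsa_public_jwk(N_TOY, E_COMMON)
    print("jwk        :", json.dumps(jwk, sort_keys=True))
    print("thumbprint :", jwk_thumbprint(jwk))
    print("key auth   :", key_authorization("constructed-token", jwk))
```

Round-tripping the bad encoding through decode_base64url_uint still yields 65537, which is why a client's own tests can pass while a CA that compares the encoded string, or the thumbprint derived from it, sees a different key.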