ACME Responder Demo - dogtagpki/pki GitHub Wiki
An ACME responder demo is available at https://pki.demo.dogtagpki.org/acme.
Disclaimers:
-
This demo uses a self-signed CA signing certificate which is not valid for public use and could change at any time.
-
The database and certificates may be removed completely at any time.
-
Use at your own risk. There is no guarantee of accuracy, performance, availability, privacy, or security.
To access the demo with a Web browser, open https://pki.demo.dogtagpki.org/acme.
To access the admin interface, log in with the following credentials:
-
Username:
admin
-
Password:
Secret.123
To check ACME responder status, execute the following commands:
$ pki client-init $ modutil -dbdir ~/.dogtag/nssdb -add p11-kit-trust -libfile /usr/lib64/pkcs11/p11-kit-trust.so $ pki -U https://pki.demo.dogtagpki.org acme-info
To enable/disable the ACME responder, execute the following commands:
$ pki -U https://pki.demo.dogtagpki.org -u admin -w Secret.123 acme-disable $ pki -U https://pki.demo.dogtagpki.org -u admin -w Secret.123 acme-enable
See also Using PKI ACME Responder and Managing PKI ACME Responder.
To access the demo with an ACME client, use the following endpoint: https://pki.demo.dogtagpki.org/acme/directory.
To perform certificate enrollment with HTTP-01, execute the following command:
$ certbot certonly --standalone \ --server https://pki.demo.dogtagpki.org/acme/directory \ --preferred-challenges http \ -d pki.example.com
To perform certificate enrollment with DNS-01, execute the following command:
$ certbot certonly --manual \ --server https://pki.demo.dogtagpki.org/acme/directory \ --preferred-challenges dns \ -d pki.example.com
See also Using PKI ACME Responder with Certbot.