Overview
The Automatic Certificate Management Environment (ACME) protocol automates the issuance, installation, and renewal of TLS certificates. Instead of generating a certificate signing request and driving the process by hand, an ACME client interacts with a Certificate Authority (CA) over a standard API to prove control of a domain and to fetch or renew a certificate.
Challenge Types
ACME validates control of a domain through a challenge. The ACME server issues a token, the ACME client (in this case Stalwart) proves it can respond to that token on behalf of the domain, and the server then issues or renews the certificate. Three challenge types are in common use, each suited to a different deployment:
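The token-and-response step described above, as an added example that is not Stalwart's code: under RFC 8555 the client answers with a key authorization that binds the CA's token to the ACME account key, and the http-01, dns-01 and tls-alpn-01 challenges (RFC 8555, RFC 8737) each publish a form of it. The token and both JWKs are constructed sample values, and all function names are hypothetical.

```python
import base64, hashlib, hmac, json

# Constructed sample values (not a real CA token or usable keys).
TOKEN = "c2FtcGxlLXRva2VuLWZvci1kb2NzLW9ubHk"
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "Y29uc3RydWN0ZWQteC1jb29yZGluYXRlLTAwMQ",
               "y": "Y29uc3RydWN0ZWQteS1jb29yZGluYXRlLTAwMQ"}
OTHER_JWK = dict(ACCOUNT_JWK, x="b3RoZXItYWNjb3VudC14LWNvb3JkaW5hdGU")

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: token, '.', thumbprint of the account key."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def http01_body(token: str, account_jwk: dict) -> str:
    """Body served at http://<domain>/.well-known/acme-challenge/<token>."""
    return key_authorization(token, account_jwk)

def tlsalpn01_digest(token: str, account_jwk: dict) -> bytes:
    """32 bytes carried in the acmeIdentifier extension of the challenge cert."""
    return hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()

def dns01_txt(token: str, account_jwk: dict) -> str:
    """Value of the TXT record at _acme-challenge.<domain>."""
    return b64url(tlsalpn01_digest(token, account_jwk))

def ca_accepts_http01(served_body: str, token: str, account_jwk: dict) -> bool:
    """Sketch of the CA-side check: trailing whitespace ignored, constant-time compare."""
    expected = key_authorization(token, account_jwk)
    return hmac.compare_digest(served_body.rstrip().encode("utf-8"),
                               expected.encode("utf-8"))

if __name__ == "__main__":
    print("http-01 body :", http01_body(TOKEN, ACCOUNT_JWK))
    print("dns-01 TXT   :", dns01_txt(TOKEN, ACCOUNT_JWK))
    print("tls-alpn-01  :", tlsalpn01_digest(TOKEN, ACCOUNT_JWK).hex())
```

Because the thumbprint of the account key is part of every response, a response built from the same token under a different account key fails the check.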
Configuration
ACME providers are registered as AcmeProvider objects (found in the WebUI under Settings › TLS › ACME Providers). Each provider describes where to talk to the CA, which challenge to use, and which contacts are notified. The relevant fields are: