Leaving BuyPass as an ACME provider



For a long time I've been using BuyPass as a TLS certificate provider for ACME. Unfortunately they decided to disengage from this area of services.

There are quite a few ACME providers. Some even look like they could replace BuyPass, which had two strong traits: it is based in Europe and was providing certificates valid for half a year. It looked like Actalis would be a good replacement. They're from Italy and have 1-year certificates, but available in paid plans only.

After some tinkering with cert-manager I was unable to make it work. Some cryptic, discouraging messages like "ACME server URL host and ACME private key registration host differ. Re-checking ACME account registration" and "failed to verify ACME account" err="failed to decode external account binding key data: illegal base64 data at input byte 43" made me look further.
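The wording "illegal base64 data at input byte N" is the error text of Go's `encoding/base64` decoder. As an added example (not from this post or from cert-manager's code), the Go sketch below shows a constructed 32-byte key in padded base64 failing at byte 43 under an unpadded URL-safe decoder, and how to normalize such a key. That the ACME client expects unpadded URL-safe base64 is an assumption here, and `FirstBadByte`, `NormalizeEABKey` and `SampleKey` are hypothetical names.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
)

// FirstBadByte returns the offset where unpadded URL-safe decoding fails, or -1 if it succeeds.
func FirstBadByte(key string) int64 {
	_, err := base64.RawURLEncoding.DecodeString(key)
	var bad base64.CorruptInputError
	if errors.As(err, &bad) {
		return int64(bad)
	}
	return -1
}

// NormalizeEABKey re-encodes a key as unpadded URL-safe base64 and reports
// which variant it was recognized as (assumption: the client wants raw-url).
func NormalizeEABKey(key string) (string, string, error) {
	variants := []struct {
		name string
		enc  *base64.Encoding
	}{
		{"raw-url", base64.RawURLEncoding}, {"padded-url", base64.URLEncoding},
		{"raw-std", base64.RawStdEncoding}, {"padded-std", base64.StdEncoding},
	}
	for _, v := range variants {
		if raw, err := v.enc.DecodeString(key); err == nil {
			return base64.RawURLEncoding.EncodeToString(raw), v.name, nil
		}
	}
	return "", "", errors.New("not base64 in any common variant")
}

// SampleKey builds a constructed 32-byte key (bytes 0..31, not a real secret) in padded base64.
func SampleKey() string {
	raw := make([]byte, 32)
	for i := range raw {
		raw[i] = byte(i)
	}
	return base64.StdEncoding.EncodeToString(raw)
}

func main() {
	k := SampleKey()
	n, kind, _ := NormalizeEABKey(k)
	fmt.Println(len(k), FirstBadByte(k), kind, len(n), FirstBadByte(n))
}
```

A 32-byte key encodes to 43 characters plus one `=`, so the padding character sits at offset 43.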

Next shot, ZeroSSL worked straight away. Worth noting – official cert-manager documentation has a tutorial on using ZeroSSL. There are some limitations, but it's fine for me. There's nothing more to write, it just works.

For private services (meant to be accessed only from my devices), I'm using FreeIPA as an ACME provider, of course.

Why not Let's Encrypt? Only because it is not hipster enough.

This is post 001/100 of the 100DaysToOffload challenge. I intend to write short posts about nothing in particular, just collected thoughts. Language will vary: Polish, English, maybe Arabic if I get back to learning it.
