ACME and the WebPKI

Automatic HTTPS, for free ! #

HTTPS is HTTP, but secure (thus the extra “S”). HTTPS relies on the TLS (Transport Layer Security) protocol and X.509 certificates to provide encryption, authentication, and data integrity. HTTPS plays a crucial role in the Internet’s security. It ensures that clients connect to websites they intend to and that the data transferred to/from these sites is not readable nor modified by others.

Acquiring TLS web server certificates used to be slow, cumbersome, and expensive. This isn’t the case anymore.
Acquiring certificates is now fast, easy, automatic, and free thanks to the ACME protocol and free TLS web server certificates offered by publicly trusted ACME CAs (Certificate Authorities) like Let’s Encrypt and Google Trust Services.

HTTPS adoption keeps growing since Let’s Encrypt became generally available in 2016. As shown on Google’s HTTPS transparency report, HTTPS is now the norm. For instance, Cloudflare shut down all cleartext HTTP ports on api.cloudflare.com in 2025.

HTTPS and digital certificates are foundational layers of the Internet. Website operators shouldn’t have to think about it. HTTPS should be automatically provisioned for all websites. Regrettably, too many site operators still manage their certificates manually.
This site provides resources to better understand the WebPKI and automate the lifecycle management of digital certificates using ACME, preferably using free DV (Domain Validated) TLS web server certificates.

If your setup allows it, the best way to manage certificates is to have someone else do it for you! All major cloud providers offer managed certificate solutions, which are integrated in most of their cloud hosting services. For example:

If you’re unable to delegate the management of your certificates, see the getting started page for automating the lifecycle management of your certificates using the ACME protocol.

acmeprotocol.dev is a side project from Fabien Hochstrasser. The opinions expressed on this website are my own and do not reflect the views of my current or former employers.