ACME Renewal Information (ARI) Extension

[lukastribus]

Hello,

this is a feature request for:

Automated Certificate Management Environment (ACME) Renewal Information (ARI) Extension
https://www.ietf.org/archive/id/draft-ietf-acme-ari-02.html

This extension allows CA's to inform the ACME client that a renewal is necessary earlier than normal for example due to an upcoming mass revocation:

For example, a CA could suggest that clients renew prior to a mass-revocation event to mitigate the impact of the revocation

For example this would cover various mass revocation events like:
#4936

The alternative is that CA's need to email their users, which then have to --renew --force the affected certs.

Current status in other projects:

• Let's Encrypt and Google Trust Services CA's already support ARI
• Buypass CA will implement this within 4 months: https://bugzilla.mozilla.org/show_bug.cgi?id=1872738
• Client implementations include Lego, eggsampler, ACMEz, and win-acme.

I believe this would be a good addition to the client.

Lukas

[jcjones]

As a note, ACME Renewal Information (ARI) has entered Last Call. I would encourage acme.sh to consider implementing ARI.

[oxc]

As another note, Let's Encrypt is Ending Support for Expiration Notification Emails as of June 4, 2025, which I believe makes this even more relevant.

[Miyamoto72]

Since LE phases out its email notifications pretty soon (https://letsencrypt.org/2025/01/22/Ending-Expiration-Emails) I'd like to emphasize the importance of this issue.

LE has published a guide to integatrioof ARI, too: https://letsencrypt.org/2024/04/25/guide-to-integrating-ari-into-existing-acme-clients

Hopefully this helps to further the integration of ARI into acme.sh

[lukastribus]

RFC9773 has now been published and is no longer a draft.