NGINX Introduces Native ACME Integration for SSL/TLS Management

NGINX has announced the integration of the ACME protocol into its platform, enabling seamless and automated management of SSL/TLS certificates. This new feature is available in both the open-source and Plus versions of NGINX.

The Automated Certificate Management Environment (ACME) protocol was developed by the Internet Security Research Group as part of the Let's Encrypt initiative. It aims to streamline the often labor-intensive and error-prone process of obtaining and renewing digital certificates. By utilizing ACME, web servers can directly communicate with certificate authorities to request, validate, renew, or revoke certificates without requiring manual intervention from administrators.

With this new implementation, administrators can configure ACME directly through NGINX directives, eliminating the need for external tools such as Certbot. The ngx_http_acme_module, developed in Rust, serves as a dynamic module available in both the open-source and commercial Plus editions of NGINX. This native integration aims to reduce potential errors and security risks while enhancing platform independence.

The setup process is straightforward, involving specifications for the ACME server (e.g., Let's Encrypt), configuring storage areas for certificates and validation data, and automating the issuance and renewal of certificates. Initially, the integration supports the HTTP-01 challenge, where a web server proves domain ownership via an HTTP request. Future updates are expected to introduce additional challenges, such as TLS-ALPN and DNS-01.

Administrators can easily specify the domains for which certificates are to be issued, allowing NGINX to manage the entire lifecycle of the certificates. Currently, the ACME integration is offered in a preview mode, with guidance available in the NGINX announcement. Technical specifications are also detailed in the module documentation on GitHub.