Google on Thursday announced the availability of its Automatic Certificate Management Environment (ACME) API for all Google Cloud users, allowing them to automatically acquire and renew TLS certificates for free.
The ACME protocol was designed to automate TLS certificate lifecycle through APIs that are supported by dozens of clients, and has become the standard for certificate management across the internet, with most TLS certificates in the WebPKI being issued by ACME certificate authorities.
The protocol’s automated certificate renewal capabilities ensure that users do not experience outages, which are common with manual certificate renewals.
Now available to all users with a Google Cloud account, the Google Trust Services ACME API has been used to issue over 200 million certificates during the preview period. According to Google, the API provides the same compatibility that major services offer.
“The service recently expanded support for Google Domains customers. By further opening up the service, we’re adding another tool to Google’s Cyber Security Advancements, keeping individuals, businesses, and governments safer online through highly trusted and free certificates,” Google says.
To enhance the certificate ecosystem, the internet giant also announced the ACME Renewal Information (ARI) standard for renewal management and the general availability of multi-perspective domain validation (MPDV), for an enhanced certificate issuance process.
An Internet Engineering Task Force (IETF) draft authored by Let’s Encrypt, ARI is an extension to the ACME protocol that helps renew certificates if revocation occurs before expiration.
Via an API, it informs service operators when a certificate must be replaced, helping with the management of large certificate populations.
MPDV ensures that domain control verification is performed from multiple locations, to improve the reliability of validation by preventing localized attacks that attempt to trick the verification checks.