During the #sstic conference (the reference FR infosec con), I gave a lightning talk about the benefits of deploying an #ACME frontend (Serles ACME proxy in our case) in front of your private PKI in your private corporate network.

One main #takeaway is the great diversity that exists among ACME clients due to its open and standardised format. This diversity in terms of languages and technologies allows a lot of different people in our internal IT ecosystem (developers, sysadmins, devops, architects, network guys...) to adopt ACME.

The final result is a much wider adoption of certificate automation inside our private network and less work for the Security team, with zero change (neither organisational nor added people) on the PKI side.

References (FR only for the talk, sorry 😔):
. Slides github.com/AssuranceMaladieSec
. Talk static.sstic.org/rumps2023/SST
. Serles ACME proxy github.com/dvtirol/serles-acme
. Lego ACME client github.com/go-acme/lego

Needed to diagnose a network problem and watch multiple pings. So I opened tmux, pressed Ctrl-B % and Ctrl-B " a few times, then pinged outside, the gateway and two internal hosts, and used lolcat to make it easier to detect changes in drop patterns.
tmux
ping -i 0.2 8.8.8.8 | lolcat

nanao

Like the sun, machines never set.