Introducing ACME Email

Let’s Encrypt (LE) has shifted the Internet’s security paradigm to another dimension. Providing web certificates for free implies that every web site can be secured easily. This offers an important enhance on security and robustness, specially to avoid phishing actions.

However, LE does not provide any mechanism to perform the same approach to email addresses. S/MIME can be used to sign and verify email addresses, but it requires a different certificate, which is not free.

Nevertheless, LE and Security Research Group (SRG) defined the ACME protocol, used by LE to provide digital certificates automatically. Currently there is a draft specification on the ACME protocol to perform the web approach to email addresses. It is called Extensions to Automatic Certificate Management Environment for end-user S/MIME certificates and it defines a set of specifications to deploy automatic email certificates.

Here we present ACME Email Server, probably the first ACME Email server. We developed a client, based on Certbot, which is able to obtain and negotiate automatic email certificates, ready to sign with S/MIME.

You can find more information and downloads in