The x/crypto/acme package implements RFC 8555 and associated ACME specifications. Presently it has unit test coverage, but lacks significant integration test coverage for end-to-end protocol operation. Additionally, as more new functionality (e.g. ACME renewal information, ACME profiles) is considered to be added to this package, it would be helpful to have a reference implementation to test against that doesn't require an online 3rd party API.

The Pebble project was created by Let's Encrypt specifically to aid integration testing for ACME clients, with an eye towards encouraging interoperability by choosing behaviour divergent from Let's Encrypt's staging/production environments to avoid over-fitting. It also acts as a test-bed for newer protocol features like ARI, often gaining support ahead of production servers. See this blog post for a broader introduction to Pebble.

The x/crypto/acme package should add integration tests based on Pebble. Likely the best way to do this is similar to the approach used for BoGo and ACVP testing, using a mechanism like cryptotest.FetchModule to acquire Pebble as necessary. Once acquired it should be possible to configure per-test Pebble instances to allow changing server config based on the requirements of individual tests and to avoid any cross-test influence due to mechanisms like authz reuse.

Comment From: gopherbot

Change https://go.dev/cl/677576 mentions this issue: acme: fix TLSALPN01ChallengeCert for IP address identifiers

Comment From: cpu

Some initial work towards TLS-ALPN-01 and HTTP-01 end-to-end issuance & certificate verification: https://go.dev/cl/677575

One small bug/API tweak fell out of trying to do a TLS-ALPN-01 challenge verification for an IP address identifier: https://go.dev/cl/677576

Comment From: gopherbot

Change https://go.dev/cl/677575 mentions this issue: acme: add Pebble integration testing