noticed other ACME-compatible CAs

24655292 · anarcat · 947a0d83 · 24655292
Verified Commit 24655292 authored 4 years ago by anarcat
--- a/howto/tls.md
+++ b/howto/tls.md
@@ -143,6 +143,9 @@ time of writing (2020-04-15):
 [Fastly]: https://www.fastly.com/
 [Globalsign]: https://globalsign.com
 [Let's Encrypt]: https://letsencrypt.org
+
+See also the [alternative certificate authorities we could consider](#Other-Certificate-Authorities).
+
 ### Internal auto-ca

 The internal "auto-ca" is a standalone certificate authority running
@@ -308,6 +311,18 @@ CA instead of just OpenSSL, although that might be overkill. In
 general it might be preferable to reuse an existing solution than
 maintain our own software in Make.

+### Other Certificate Authorities
+
+There are actually a few other ACME-compatible certificate authorities
+which issue free certificates. The [https.dev site](https://https.dev/) [lists a few
+alternatives](https://docs.https.dev/list-of-acme-servers) which are, at the time of writing:
+
+ * [Let's Encrypt](https://letsencrypt.org/) - currently in use
+ * [ZeroSSL](https://zerossl.com/documentation/acme/) - Sectigo reseller
+ * [BuyPass](https://www.buypass.com/ssl/products/acme) - Norway CA
+ * [Sectigo](https://sectigo.com/resource-library/sectigos-acme-automation) - formerly known as Comodo CA
+ * [InCommon](https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000bvYj) - also Sectigo?
+
 ### HPKP

 HPKP used to be used at Tor, but we expired it in March 2020 and