Native ACME Support Comes to NGINX By Josh Aas · September 11, 2025 --- Overview Let's Encrypt announced that NGINX, the widely used web server, reverse proxy, and Kubernetes ingress controller, now offers native support for the ACME protocol through its official ngxhttpacme module, implemented in memory-safe Rust. This development allows simplified and automated management of SSL/TLS certificates directly within NGINX, without relying on third-party tools. Key Points Automatic Certificate Management: NGINX's native ACME support enables automatic obtaining and renewal of Let's Encrypt certificates with minimal human intervention, aligning with Let's Encrypt's vision of an open and secure web. Broader Adoption: With NGINX joining other web servers like Traefik, Caddy, and Apache httpd in supporting ACME natively, a significant majority of sites can now integrate SSL certificate management within the server software itself. Benefits of Native Integration: More seamless and efficient certificate management. Reduces operational overhead by eliminating the need for separate ACME clients. Supports diverse hosting environments, from home labs to large-scale enterprises. Options for Users: Users can opt for native ACME integration in web servers. Alternatively, third-party ACME clients are available and supported, offering flexibility for custom environments. Developer Resources: Guidance on the ACME protocol is available for developers interested in integration. Existing ACME libraries and reusable software components can be leveraged. The Let's Encrypt community forum hosts the Client Dev conversation to support development efforts. Quote "NGINX and Let's Encrypt share a common vision of an open and secure web. Now, with built-in support for ACME, the world's most popular web server, reverse proxy and ingress controller for Kubernetes can simplify certificate management for everyone. From the home lab to scaled-out, mission-critical enterprise deployments." — Liam Crilly, Sr Dir, Product Management, F5 NGINX Acknowledgments Let's Encrypt extends thanks to NGINX and its parent company F5 for their sponsorship, which supports Let's Encrypt's service to nearly 700 million websites. --- About Let's Encrypt A free, automated, and open Certificate Authority operated by the nonprofit Internet Security Research Group (ISRG). ISRG's 2024 Annual Report details ongoing nonprofit work. Legal Address: 548 Market St, PMB 77519, San Francisco, CA 94104-5401, USA. Mailing Address: PO Box 18666, Minneapolis, MN 55418-0666, USA. Additional Resources and Links NGINX ACME Module Documentation Let's Encrypt ACME Protocol Info Client Options and Libraries Client Dev Community Forum Let's Encrypt Stats Let's Encrypt Donate Page Stay Updated Subscribe for email updates about Let's Encrypt and ISRG projects via their newsletter. --- © 2025 Internet Security Research Group (ISRG) Privacy Policy | Terms | Trademark Policy Follow on GitHub and LinkedIn