A Java client for the Automatic Certificate Management Environment (ACME) protocol as specified in RFC 8555.

ACME is a protocol that a certificate authority (CA) and an applicant can use to automate the process of verification and certificate issuance.

This Java client helps connecting to an ACME server, and performing all necessary steps to manage certificates.

The source code can be found at GitHub and is distributed under the terms of Apache License 2.0.

Latest version: maven central


  • Mature and stable code base. First release was in December 2015!
  • Fully RFC 8555 compliant
  • Supports the http-01, dns-01, and tls-alpn-01 (RFC 8737) challenges
  • Supports RFC 8738 IP identifier validation
  • Supports RFC 8739 short-term automatic certificate renewal (experimental)
  • Supports RFC 8823 for S/MIME certificates (experimental)
  • Supports RFC 9444 for subdomain validation
  • Supports draft-ietf-acme-ari-03 for renewal information (experimental)
  • Easy to use Java API
  • Requires JRE 11 or higher
  • Supports Let's Encrypt,, ZeroSSL, and all other CAs that comply with the ACME protocol (RFC 8555). Note that acme4j is an independent project that is not supported or endorsed by any of the CAs.
  • Built with maven, packages available at Maven Central
  • Extensive unit and integration tests
  • Adheres to Semantic Versioning


Quick Start

There is an example source code included in this project. It gives an example of how to get a TLS certificate with acme4j.


acme4j consists of four modules. All modules are available at Maven Central and can easily be added to the dependency list of your project. You can also download the jar files at GitHub.


acme4j-client is the main module. It contains everything that is required to get certificates for domains.

The Java module name is org.shredzone.acme4j.


acme4j-smime contains the RFC 8823 implementation for ordering S/MIME certificates. It requires Bouncy Castle and a javax.mail implementation.

The Java module name is org.shredzone.acme4j.smime.

This module only contains an example code that demonstrates how to get a certificate with acme4j. It is not useful as a dependency in other projects.

acme4j-it mainly serves as integration test suite for acme4j itself. It is not really useful as a dependency in other projects. However if you write own integration tests using pebble and pebble-challtestsrv, you may find the challtestsrv configuration client useful in your project.

The Java module name is


Follow our Mastodon feed for release notes and other acme4j related news.


If you would like to support my work on acme4j, you can do so on at GitHub Sponsors or at Ko-Fi. Thank you!


acme4j is open source software. The source code is distributed under the terms of Apache License 2.0.