Field Name	Field Type	Requests	Reference
status	string	new, account	[RFC8555]
contact	array of string	new, account	[RFC8555]
externalAccountBinding	object	new	[RFC8555]
termsOfServiceAgreed	boolean	new	[RFC8555]
onlyReturnExisting	boolean	new	[RFC8555]
orders	string	none	[RFC8555]
delegations	string	none	[RFC9115]

Field Name	Field Type	Configurable	Reference
status	string	false	[RFC8555]
expires	string	false	[RFC8555]
identifiers	array of object	true	[RFC8555]
notBefore	string	true	[RFC8555]
notAfter	string	true	[RFC8555]
error	string	false	[RFC8555]
authorizations	array of string	false	[RFC8555]
finalize	string	false	[RFC8555]
certificate	string	false	[RFC8555]
auto-renewal	object	true	[RFC8739]
star-certificate	string	false	[RFC8739]
allow-certificate-get	boolean	true	[RFC9115]
delegation	string	true	[RFC9115]

Field Name	Field Type	Configurable	Reference
identifier	object	true	[RFC8555]
status	string	false	[RFC8555]
expires	string	false	[RFC8555]
challenges	array of object	false	[RFC8555]
wildcard	boolean	false	[RFC8555]
subdomainAuthAllowed	boolean	false	[RFC9444]

Type	Description	Reference
accountDoesNotExist	The request specified an account that does not exist	[RFC8555]
alreadyRevoked	The request specified a certificate to be revoked that has already been revoked	[RFC8555]
badCSR	The CSR is unacceptable (e.g., due to a short key)	[RFC8555]
badNonce	The client sent an unacceptable anti-replay nonce	[RFC8555]
badPublicKey	The JWS was signed by a public key the server does not support	[RFC8555]
badRevocationReason	The revocation reason provided is not allowed by the server	[RFC8555]
badSignatureAlgorithm	The JWS was signed with an algorithm the server does not support	[RFC8555]
caa	Certification Authority Authorization (CAA) records forbid the CA from issuing a certificate	[RFC8555]
compound	Specific error conditions are indicated in the "subproblems" array	[RFC8555]
connection	The server could not connect to validation target	[RFC8555]
dns	There was a problem with a DNS query during identifier validation	[RFC8555]
externalAccountRequired	The request must include a value for the "externalAccountBinding" field	[RFC8555]
incorrectResponse	Response received didn't match the challenge's requirements	[RFC8555]
invalidContact	A contact URL for an account was invalid	[RFC8555]
malformed	The request message was malformed	[RFC8555]
orderNotReady	The request attempted to finalize an order that is not ready to be finalized	[RFC8555]
rateLimited	The request exceeds a rate limit	[RFC8555]
rejectedIdentifier	The server will not issue certificates for the identifier	[RFC8555]
serverInternal	The server experienced an internal error	[RFC8555]
tls	The server received a TLS error during validation	[RFC8555]
unauthorized	The client lacks sufficient authorization	[RFC8555]
unsupportedContact	A contact URL for an account used an unsupported protocol scheme	[RFC8555]
unsupportedIdentifier	An identifier is of an unsupported type	[RFC8555]
userActionRequired	Visit the "instance" URL and take actions specified there	[RFC8555]
autoRenewalCanceled	The short-term certificate is no longer available because the auto-renewal Order has been explicitly canceled by the IdO	[RFC8739]
autoRenewalExpired	The short-term certificate is no longer available because the auto-renewal Order has expired	[RFC8739]
autoRenewalCancellationInvalid	A request to cancel an auto-renewal Order that is not in state "valid" has been received	[RFC8739]
autoRenewalRevocationNotSupported	A request to revoke an auto-renewal Order has been received	[RFC8739]
unknownDelegation	An unknown configuration is listed in the delegation attribute of the order request	[RFC9115]
onionCAARequired	The CA only supports checking CAA for hidden services in-band, but the client has not provided an in-band CAA	[draft-ietf-acme-onion-01]

Field Name	Resource Type	Reference
newNonce	New nonce	[RFC8555]
newAccount	New account	[RFC8555]
newOrder	New order	[RFC8555]
newAuthz	New authorization	[RFC8555]
revokeCert	Revoke certificate	[RFC8555]
keyChange	Key change	[RFC8555]
meta	Metadata object	[RFC8555]

Field Name	Field Type	Reference
termsOfService	string	[RFC8555]
website	string	[RFC8555]
caaIdentities	array of string	[RFC8555]
externalAccountRequired	boolean	[RFC8555]
auto-renewal	object	[RFC8739]
delegation-enabled	boolean	[RFC9115]
allow-certificate-get	boolean	[RFC9115]
subdomainAuthAllowed	boolean	[RFC9444]
onionCAARequired	boolean	[draft-ietf-acme-onion-01]

Label	Reference
dns	[RFC8555]
ip	[RFC8738]
email	[RFC8823][RFC5321][RFC6531]
TNAuthList	[RFC9448]

Label	Identifier Type	ACME	Reference
http-01	dns	Y	[RFC8555]
dns-01	dns	Y	[RFC8555]
tls-sni-01	RESERVED	N	[RFC8555]
tls-sni-02	RESERVED	N	[RFC8555]
http-01	ip	Y	[RFC8738]
tls-alpn-01	ip	Y	[RFC8738]
tls-alpn-01	dns	Y	[RFC8737]
email-reply-00	email	Y	[RFC8823]
tkauth-01	TNAuthList	Y	[RFC9447]
onion-csr-01	dns	Y	[draft-ietf-acme-onion-01]

Field Name	Field Type	Configurable	Reference
start-date	string	true	[RFC8739]
end-date	string	true	[RFC8739]
lifetime	integer	true	[RFC8739]
lifetime-adjust	integer	true	[RFC8739]
allow-certificate-get	boolean	true	[RFC8739]

Field Name	Field Type	Reference
min-lifetime	integer	[RFC8739]
max-duration	integer	[RFC8739]
allow-certificate-get	boolean	[RFC8739]

Extension Name	Extension Syntax and Reference	Mapping to X.509 Certificate Extension
keyUsage	[RFC9115, Appendix A]	[RFC5280, Section 4.2.1.3]
extendedKeyUsage	[RFC9115, Appendix A]	[RFC5280, Section 4.2.1.12]
subjectAltName	[RFC9115, Appendix A]	[RFC5280, Section 4.2.1.6] (note that only specific name formats are allowed: URI, DNS name, email address)

Automated Certificate Management Environment (ACME) Protocol

ACME Account Object Fields

ACME Order Object Fields

ACME Authorization Object Fields

ACME Error Types

ACME Resource Types

ACME Directory Metadata Fields

ACME Identifier Types

ACME Validation Methods

ACME Order Auto-Renewal Fields

ACME Directory Metadata Auto-Renewal Fields

STAR Delegation CSR Template Extensions

ACME Authority Token Challenge Types