URL: https://github.com/freeipa/freeipa/pull/5170 Author: rcritten Title: #5170: Centralize enable/disable of the ACME service Action: opened PR body: """ Centralize enable/disable of the ACME service The initial implementation of ACME in dogtag and IPA required that ACME be manually enabled on each CA. dogtag added a REST API that can be access directly or through the `pki acme` CLI tool to enable or disable the service. It also abstracted the database connection and introduced the concept of a realm which defines the DIT for ACME users and groups, the URL and the identity. This is configured in realm.conf. A new group was created, Enterprise ACME Administrators, that controls the users allowed to modify ACME configuration. The IPA RA is added to this group for the ipa-acme-manage tool to authenticate to the API to enable/disable ACME. Two ACME configuration templates were removed so that the dogtag defaults would be used, configsources.conf and engine.conf. Related dogtag installation documentation: https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Confi... https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Confi... https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Insta... ACME REST API: https://github.com/dogtagpki/pki/wiki/PKI-ACME-Enable-REST-API https://pagure.io/freeipa/issue/8524 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5170/head:pr5170 git checkout pr5170