Thanks for the clarification. I guess I'll have to find a few friends to run an ACME service together with. Unfortunately, in most cases the certificate store is global across applications, so presumably we'll hit a brick wall with browser requirements.
(The services are all TLS based. They are just not HTTP based, and CRLs are generally delivered via HTTP. And I'm not going to wrangle a HTTP client into my mail server, or worse, postgres instance. The latter could also work with a local CA, it's primarily SMTP that doesn't.)
(...or I just ignore revocation and cross my fingers it'll never come up...)
(The services are all TLS based. They are just not HTTP based, and CRLs are generally delivered via HTTP. And I'm not going to wrangle a HTTP client into my mail server, or worse, postgres instance. The latter could also work with a local CA, it's primarily SMTP that doesn't.)
(...or I just ignore revocation and cross my fingers it'll never come up...)