At https://github.com/letsencrypt/boulder/blob/97390560a3bf1f68404087c7011752cf1e4bc302/va/va.go#L421, we log when an RPC to a remote VA failed (e.g. due to network timeout or connection refused). However, we don't currently have a stat that shows just that number (as opposed to overall validation failures, which includes cases where we got, e.g., and invalid challenge token). We should add a stat

What would you like to be added

I would love to have a MongoDB database connector.

Why this is needed

All our other services use MongoDB and I would love to keep everything unified in one database system.

Failing that, is it possible to provide a pluggable webhook that we can have and then enter into our own database?

The tool should be smart enough to support reading pkcs8 private keys.

Ideally, we should support writing pkcs8 private keys if the user desires.

The config file is currently mandatory. Some parts of cashierd can be configured via environment variables (I'm really not sure why I did this) but ideally the config should be entirely settable using cmdline flags and the config file should be optional.

Seriously. This software is so well done. It takes a bit of getting used to but once you know what you're doing it's so incredibly useful.

When I first tried to get Pebble running using the binary I downloaded from the releases, it complained about missing files it was looking for. I got it working by copying the test directory from the source repository into the same folder as the Pebble binary. With that, I was able to run Pebble without needing to specify any arguments.

This would be useful to document for people just startin

Similar to https://mkcert.org/ we should be able to create whatever output format from applying a whitelist against a store. This would mean cert-manage would create files like: java truststores, pem bundles, etc