diff --git a/security/Makefile b/security/Makefile
index 794fa8bf8335..0f1827861ae3 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1270,6 +1270,7 @@
     SUBDIR += truecrypt
     SUBDIR += tthsum
     SUBDIR += u2f-devd
+    SUBDIR += uacme
     SUBDIR += unhide
     SUBDIR += unicornscan
     SUBDIR += vanguards-tor
diff --git a/security/uacme/Makefile b/security/uacme/Makefile
new file mode 100644
index 000000000000..3483055950f4
--- /dev/null
+++ b/security/uacme/Makefile
@@ -0,0 +1,51 @@
+# $FreeBSD$
+
+PORTNAME=	uacme
+DISTVERSIONPREFIX=	upstream/
+DISTVERSION=	1.7
+CATEGORIES=	security www
+
+MAINTAINER=	tobik@FreeBSD.org
+COMMENT=	Lightweight C ACMEv2 client which uses external authenticators
+
+LICENSE=	GPLv3+
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+LIB_DEPENDS=	libcurl.so:ftp/curl
+
+USES=		gmake pkgconfig
+USE_GITHUB=	yes
+GH_ACCOUNT=	ndilieto
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS=	--datadir=${EXAMPLESDIR:H} \
+		--disable-maintainer-mode \
+		--sysconfdir=${PREFIX}/etc
+
+OPTIONS_DEFINE=		DOCS EXAMPLES MANPAGES UALPN
+_OPENSSL_SAFE=		${(${OPSYS} == FreeBSD && ${OSVERSION} < 1200085 && ${SSL_DEFAULT} == base) || ${SSL_DEFAULT} == libressl || ${SSL_DEFAULT} == libressl-devel:?no:yes}
+OPTIONS_DEFAULT=	${${_OPENSSL_SAFE} == no:?GNUTLS:OPENSSL} MANPAGES \
+			UALPN
+OPTIONS_SINGLE=		CRYPTO
+OPTIONS_SINGLE_CRYPTO=	GNUTLS MBEDTLS OPENSSL
+OPTIONS_EXCLUDE=	${${_OPENSSL_SAFE} == no:?OPENSSL:}
+OPTIONS_SUB=		yes
+
+CRYPTO_DESC=	Crypto library
+UALPN_DESC=	Install the proxying ACMEv2 tls-alpn-01 responder ualpn(1)
+
+GNUTLS_LIB_DEPENDS=		libgnutls.so:security/gnutls
+GNUTLS_CONFIGURE_WITH=		gnutls
+MANPAGES_BUILD_DEPENDS=		asciidoc:textproc/asciidoc
+MANPAGES_CONFIGURE_ENABLE=	docs
+MBEDTLS_BROKEN=			needs mbedtls >= 2.25, 2.16.x lacks mbedtls_x509_crt_parse_der_with_ext_cb support
+MBEDTLS_LIB_DEPENDS=		libmbedtls.so:security/mbedtls
+MBEDTLS_CONFIGURE_WITH=		mbedtls=${LOCALBASE}
+OPENSSL_USES=			ssl
+OPENSSL_CONFIGURE_WITH=		openssl=${OPENSSLBASE}
+UALPN_CONFIGURE_WITH=		ualpn
+
+post-install-DOCS-on:
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_MAN} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}
+
+.include <bsd.port.mk>
diff --git a/security/uacme/distinfo b/security/uacme/distinfo
new file mode 100644
index 000000000000..d8cb68d73f0d
--- /dev/null
+++ b/security/uacme/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1611663220
+SHA256 (ndilieto-uacme-upstream-1.7_GH0.tar.gz) = 32ca99851194cadb16c05f3c5d32892b0b93fc247321de2b560fa0f667e6cf04
+SIZE (ndilieto-uacme-upstream-1.7_GH0.tar.gz) = 327941
diff --git a/security/uacme/pkg-descr b/security/uacme/pkg-descr
new file mode 100644
index 000000000000..d9e6907058a3
--- /dev/null
+++ b/security/uacme/pkg-descr
@@ -0,0 +1,9 @@
+Lightweight client for the RFC8555 ACMEv2 protocol, written in plain
+C with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or
+mbedTLS).  The ACMEv2 protocol allows a Certificate Authority (Let's
+Encrypt is a popular one) and an applicant to automate the process
+of verification and certificate issuance.  The protocol also provides
+facilities for other certificate management functions, such as
+certificate revocation.
+
+WWW: https://github.com/ndilieto/uacme
diff --git a/security/uacme/pkg-plist b/security/uacme/pkg-plist
new file mode 100644
index 000000000000..8c65a6104a52
--- /dev/null
+++ b/security/uacme/pkg-plist
@@ -0,0 +1,10 @@
+bin/uacme
+%%UALPN%%bin/ualpn
+%%MANPAGES%%man/man1/uacme.1.gz
+%%UALPN%%%%MANPAGES%%man/man1/ualpn.1.gz
+%%PORTDOCS%%%%DOCSDIR%%/README.md
+%%MANPAGES%%%%PORTDOCS%%%%DOCSDIR%%/uacme.html
+%%UALPN%%%%MANPAGES%%%%PORTDOCS%%%%DOCSDIR%%/ualpn.html
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/nsupdate.sh
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/uacme.sh
+%%UALPN%%%%PORTEXAMPLES%%%%EXAMPLESDIR%%/ualpn.sh