httpd-dev mailing list archives

From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: mod_md : not possible to use Lets-Encrypt-Win-Simple
Date Mon, 19 Mar 2018 07:24:24 GMT
Thanks, Arkadiusz, that sounds reasonable. I will make that change and let you know.

For tracking and so that other Apache users can find it more easily, could you open a short
bug report here? Thanks!

> On 18.03.2018 at 19:00, Arkadiusz Miśkiewicz <arekm@maven.pl> wrote:
> 
>> On Sunday 18 of March 2018, Eric Covener wrote:
>>> On Sun, Mar 18, 2018 at 1:41 PM, Steffen <info@apachelounge.com> wrote:
>>> Did some tests:
>>> 
>>> http://www.apachelounge.com/viewtopic.php?p=36624#36624
>>> 
>>> 
>>> My conclusion (correct me if I am wrong):
>>> 
>>> When you run mod_md, you cannot use a client which uses TLS.
>>> 
>>> It is a limitation when an Apache user has an "old" LE account and uses an
>>> acme client with/without mod_md
>>> 
>>> TLS-SNI challenge was disabled by Let's Encrypt back in January, but old
>>> users can still use it. Old accounts are whitelisted.
>>> 
>>> 
>>> Let's Encrypt says:
>>> 
>>> 
>>> ....whitelisting mechanisms are live. If you have a certificate renewal
>>> that has been failing due to the TLS-SNI disablement, you should now be
>>> able to renew.
>> 
>> After reading the above and the last post in the forum, it sounds like
>> the requirement is:
>> 
>> "Need an option to disable the handling of /.well-known by mod_md so
>> an external ACME client can be used more easily".
>> 
>> It seems a bit weird to load mod_md and not use it as your ACME
>> client, but it's a reasonable request.
> 
> Or better be able to handle both. If no on-disk challenge then fall back to
> mod_md (or the other way).
> 
> -- 
> Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )

