> On 16 Apr 2015, at 15:09, Jacob Hoffman-Andrews <[email protected]> wrote:
>
> On 04/15/2015 11:04 PM, Bruce Gaya wrote:
>> I want to use an ACME client to get a new certificate without taking down my
>> existing web services that are using a port 443 (with a self-signed
>> certificate or a certificate issued by another CA).
> Right now the Simple HTTP and DVSNI challenges are designed specifically
> to work well with a running server. For the DVSNI challenge type, the
> web server must support config reloads without downtime in order to make
> the test cert available under a special SNI name. Can you tell us more
> about why these approaches won’t work for you?

Because using a client-defined port for callbacks does not have the requirement you just mentioned. That leads to simpler ACME client design. Why must there be a dependency on another process that is already using port 443?

Bruce
