I am getting really nervous about allowing any port other than 443. I just did a scan of a very recent clean install of Windows and there are a *TON* of Web servers running for apps that didn't mention they had one.
The thing is that if I am running a process on any sort of shared host, I can pretty easily spawn a server and start applying for certs for other domains. Not only can I get .well-known, I can have any host name I like.
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
