> On Dec 7, 2015, at 5:47 PM, Hugo Landau <[email protected]> wrote:
>
> On Mon, Dec 07, 2015 at 11:56:34AM -0800, Noah Kantrowitz wrote:
>> I wrote up some thoughts that have been brewing in my head for a bit on
>> making a truly transparent/generic ACME client, would love more eyes on it
>> in the hopes I've missed an option here:
>> https://coderanger.net/better-lets-encrypt/
>>
>> --Noah
>
> Honestly, I think it makes more sense to specify a standard location for
> challenge files on the system (I'm currently using
> /var/run/acme/acme-challenge) and design your software to serve requests
> for /.well-known/acme-challenge/ on it. If the location of challenge
> files is standardised, this alias can become a default for many web
> servers, frameworks, etc. It's similar to the standard "Alias /cgi-bin/
> /usr/lib/cgi-bin/" of yesteryear, though hopefully with less security
> issues.

Perhaps in the fullness of time that could help, but stuff like stunnel is unlikely to ever support such things. Regardless, at this point in time, making assumptions about web server config will only work for the simple cases and I want to get as many people switched over to LE (and ACME-d friends) as I can.

--Noah
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
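The arrangement proposed in the quoted message, serving /.well-known/acme-challenge/ from a fixed directory, sketched as an added example that is not code from this thread or from any ACME client. The directory is the one Hugo says he uses; the names `resolve_challenge`, `ChallengeHandler` and `demo` are hypothetical, and the token check assumes ACME tokens are limited to the base64url alphabet.

```python
import re
import tempfile
from http.server import BaseHTTPRequestHandler
from pathlib import Path

URL_PREFIX = "/.well-known/acme-challenge/"
# Location mentioned in the thread; assumed here to be the agreed default.
CHALLENGE_DIR = Path("/var/run/acme/acme-challenge")
# Assumption: tokens use only base64url characters, so anything else is refused.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def resolve_challenge(url_path, challenge_dir=CHALLENGE_DIR):
    """Map a request path to a challenge file, or None if it must not be served."""
    if not url_path.startswith(URL_PREFIX):
        return None
    token = url_path[len(URL_PREFIX):]
    if not TOKEN_RE.fullmatch(token):
        return None  # rejects "..", "/", query strings and empty tokens
    candidate = Path(challenge_dir) / token
    # Refuse symlinks and anything that is not a regular file.
    if candidate.is_symlink() or not candidate.is_file():
        return None
    return candidate


class ChallengeHandler(BaseHTTPRequestHandler):
    """Serves challenge files only; every other request gets a 404."""

    def do_GET(self):
        target = resolve_challenge(self.path)
        if target is None:
            self.send_error(404)
            return
        body = target.read_bytes()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def demo():
    """Constructed sample: one challenge file in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "tok_EN-1").write_text("tok_EN-1.thumbprint")
        ok = resolve_challenge(URL_PREFIX + "tok_EN-1", d)
        bad = resolve_challenge(URL_PREFIX + "../etc/passwd", d)
        return ok is not None, bad
```

Because the handler answers only for validated token names inside one directory, it avoids the directory-wide exposure that made the old cgi-bin alias a recurring problem.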
