On Fri, Oct 14, 2016 at 05:07:22PM +0000, Ben Irving wrote:
> On Fri, Oct 14, 2016 at 9:53 AM Alan Doherty <i...@alandoherty.net> wrote:
> >
> > btw in http-01 the acme client can specify to the server whether to use
> > http://www.domain1.com/.well-known/acme-challenge/
> > or https://www.domain1.com/.well-known/acme-challenge/
> > directly
> >
> won't I need a certificate then? I'm calling the client before nginx has
> started.

Yes, you need a self-signed certificate to bootstrap the system. And
AFAIK, none of the usual ACME clients support this kind of operation.

Standalone mode won't work because it assumes TLS-SNI (which won't work
with TLS) with TLS and it would break on renewal anyway.


Acme mailing list

Reply via email to