On Fri, Oct 14, 2016 at 05:07:22PM +0000, Ben Irving wrote:
> On Fri, Oct 14, 2016 at 9:53 AM Alan Doherty <[email protected]> wrote:
> >
> > btw in http-01 the acme client can specify to the server whether to use
> > http://www.domain1.com/.well-known/acme-challenge/
> > or https://www.domain1.com/.well-known/acme-challenge/
> > directly
> >
> won't I need a certificate then? I'm calling the client before nginx has
> started.

Yes, you need a self-signed certificate to bootstrap the system. And AFAIK, none of the usual ACME clients support this kind of operation. Standalone mode won't work because it assumes TLS-SNI (which won't work with TLS) with TLS and it would break on renewal anyway.

-Ilari

_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
