On Sun, Jan 15, 2017 at 06:54:10PM +0100, Dirk-Willem van Gulik wrote: > > > That is indeed the alternative — surmise that as the user (no matter > how VM’s, containers, virtual load balancers or whatever is configured) > will want to end up visible on port 443 with a cert — we focus on some > blind http->https redirect which can be configured in bulk; and always > bring up an TLS+SSL on 443 with a self signed cert if we do not yet > have an acme cert (and using the same private key for thus).
Well, if the container is not visible on port 80, you presumably want a path-preserving HTTP -> HTTPS redirect for all URLs on the FQDN. Such redirect would also redirect ACME HTTP requests. Or if one wants just to redirect ACME HTTP requests, one can redirect just the paths under .well-known/acme-challenge/. No need to be discriminate: the target server will sort it out anyway. -Ilari _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
