This seems like a clever idea! As Ted said, .well-known probably isn't the right directory for it. If you put something in .well-known, that suggests you plan to standardize it and register it with IANA.

I'll also note that you may have a bootstrapping problem: Assuming that you verify certificates on those polling requests to your web server, this solution won't work before you've actually issued your first certificate. Similarly, if there's ever a problem that results in your live certificate expiring, this process would fail.

It's also worth noting that Let's Encrypt requires DNS challenges for wildcards because they demonstrate more control over the domain namespace, and are less vulnerable to temporary hacks of the web server. You fully control the namespace, so you definitely have the ability to delegate that control in any way you see fit. Just keep in mind that this allows someone with temporary access to your nameserver to get a more powerful wildcard certificate than they otherwise would be able to.

If you wanted to add some more security, you could narrow the scope of accepted certificates on the polling connection to your web host, or (even better) have some file-level signing of the fetched JSON. Since you control both sides, an HMAC (rather than a public key signature) would suffice.

Lastly, have you seen acme-dns? This might be another way to accomplish the same thing, and has the advantage that more people are using it and therefore more likely to find bugs. https://github.com/joohoi/acme-dns
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
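The HMAC suggestion above (sign the fetched JSON with a key shared by the web host and the nameserver), worked through as an added example; this is not code from the original message or from acme-dns. The web host side produces a signed document containing the challenge TXT values it wants published; the nameserver side verifies the MAC with a constant-time compare and also rejects stale documents, so that a captured copy of an old file cannot be replayed later. The `SHARED_KEY`, the `issued_at` freshness field, the `MAX_AGE_SECONDS` bound and the canonical-JSON layout are all assumptions of this example, not part of any standard format.

```python
import hashlib
import hmac
import json
import time

# Shared secret between the web host (signer) and the nameserver (verifier).
# Constructed placeholder value for this example; in practice it is a
# randomly generated key distributed out of band.
SHARED_KEY = b"example-shared-secret-replace-me"

# Freshness window assumed by this example: a document older than this is
# treated as a replay and ignored, even if its MAC verifies.
MAX_AGE_SECONDS = 300


def canonical_bytes(payload: dict) -> bytes:
    """Stable serialisation so both sides MAC exactly the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_challenges(challenges: dict, key: bytes = SHARED_KEY, now=None) -> dict:
    """Web host side: wrap the challenge records and attach an HMAC-SHA256.

    `challenges` maps a DNS name (e.g. _acme-challenge.example.com) to the
    list of TXT values the nameserver should publish for it.
    """
    issued_at = int(now if now is not None else time.time())
    payload = {"issued_at": issued_at, "challenges": challenges}
    mac = hmac.new(key, canonical_bytes(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "mac": mac}


def verify_challenges(doc, key: bytes = SHARED_KEY, now=None,
                      max_age: int = MAX_AGE_SECONDS):
    """Nameserver side: return the challenges dict if the document is
    authentic and fresh, otherwise None (publish nothing)."""
    try:
        payload = doc["payload"]
        mac = doc["mac"]
    except (KeyError, TypeError):
        return None
    if not isinstance(payload, dict) or not isinstance(mac, str):
        return None
    expected = hmac.new(key, canonical_bytes(payload), hashlib.sha256).hexdigest()
    # Constant-time comparison so MAC checking does not leak via timing.
    if not hmac.compare_digest(expected, mac):
        return None
    issued_at = payload.get("issued_at")
    if not isinstance(issued_at, int):
        return None
    current = int(now if now is not None else time.time())
    # Reject replays of old documents and documents dated in the future.
    if current - issued_at > max_age or issued_at > current + 60:
        return None
    challenges = payload.get("challenges")
    return challenges if isinstance(challenges, dict) else None


def txt_records(challenges: dict):
    """Flatten verified challenges into (name, value) TXT records to publish."""
    return [(name, value) for name, values in sorted(challenges.items())
            for value in values]


if __name__ == "__main__":
    # Constructed sample: what the web host would serve for a wildcard order.
    wanted = {"_acme-challenge.example.com": ["token-one", "token-two"]}
    signed = sign_challenges(wanted)
    print(json.dumps(signed, indent=2))
    # Nameserver fetches `signed`, verifies, and only then publishes.
    verified = verify_challenges(signed)
    print(txt_records(verified) if verified else "rejected")
```

The JSON file served by the web host is the `signed` dict; the nameserver only ever acts on the return value of `verify_challenges`, so a tampered file, a forged MAC or an old copy results in no records being published rather than in wrong records being published. Narrowing the accepted server certificate on the polling connection, as the message also suggests, is complementary: the MAC protects the file contents even if the TLS layer is misconfigured.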