This erratum changed "completed" to "initiated", so the document now correctly allows redirects from HTTP to HTTPS. If you believe that challenges should be able to be initiated over HTTPS as well, this erratum is not the right place for that discussion.
But perhaps more importantly, ACME Servers do not have an HSTS Preload list. The idea of the preload list is an extension of HSTS implemented by certain browsers, but other user-agents are under no obligation to respect a preload list.

Aaron

On Thu, Jan 11, 2024 at 7:03 PM Rob Sayre <[email protected]> wrote:

> Hi,
>
> Is this one valid?
>
> https://www.rfc-editor.org/errata/eid6843
>
> > the challenge must be initiated over HTTP, not HTTPS.
>
> What if the host is on a .dev domain? That should be in the HSTS preload
> list.
>
> thanks,
> Rob
>
> _______________________________________________
> Acme mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/acme
>
