<[email protected]> wrote: > If both conditions are met, the CA proceeds with certificate issuance > according to the standard ACME protocol. If the IP addresses do not > match, the CA terminates the connection, as this may indicate a > compromised ACME account.
So if the client is behind NAT44 or NAT64, then it will always fail this check.
{There are many situations where dns-01 authorization challenges are used
because the relevant server is not publically reachable, but is reachable by
name to the clients that need to reach it.}
How is this evidence of a compromised *account*?
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
