Did some tests:

http://www.apachelounge.com/viewtopic.php?p=36624#36624


My conclusion (correct me if I am wrong):

When you run mod_md, you cannot use a client which uses TLS.

It is a limitation when an Apache user has an "old" LE account and uses an ACME client with/without mod_md.

TLS-SNI challenge was disabled by Let's Encrypt back in January, but old users can still use it. Old accounts are whitelisted.


Let's Encrypt says:


....whitelisting mechanisms are live. If you have a certificate renewal that has been failing due to the TLS-SNI disablement, you should now be able to renew.



On Sunday 18/03/2018 at 16:53, Steffen wrote:




A note from admin/user at http://www.apachelounge.com/viewtopic.php?p=36619#36619


Asked the reporter to file at bugzilla:

Not sure it is an issue.

A suggestion from me for the official release:

I would not publish the official release with mod_md, but offer the two modules (mod_md & mod_ssl) separately for download.

For mod_ssl to work in the vote release, mod_md must also be included and mod_md will catch access to the .well-known directory. In other words: With the Vote release it's not possible to use Lets-Encrypt-Win-Simple (I think).


My response to that:


I think you mean with the win-acme client.

If what you say is true, then in the Linux world they maybe could not use e.g. their Certbot client either.

I would like to see a Linux user try it.




