On Sun, Mar 18, 2018 at 1:41 PM, Steffen <[email protected]> wrote: > > Did some tests: > > http://www.apachelounge.com/viewtopic.php?p=36624#36624 > > > My conclusion (correct me if I am wrong): > > When you run mod_md , you cannot use a client which uses TLS . > > It is a limitation when Apache user has an "old" LE account and uses a > acme client with/without mod_md > > TLS-SNI challenge was disabled by Let's Encrypt back in January, but old > users can still use it. Old accounts are whitelisted. >
> Let's Encrypt says: > > > ....whitelisting mechanisms are live. If you have a certificate renewal that > has been failing due to the TLS-SNI disablement, you should now be able to > renew. > > After reading the above and the last post in the forum, it sounds like the requirement is: "Need an option to disable the handling of /.well-known by mod_md so an external ACME client can be used more easily". It seems a bit weird to load mod_md and not use it as your ACME client, but it's a reasonable request.
