On Sunday 18 of March 2018, Eric Covener wrote:
> On Sun, Mar 18, 2018 at 1:41 PM, Steffen <i...@apachelounge.com> wrote:
> > Did some tests:
> >
> > http://www.apachelounge.com/viewtopic.php?p=36624#36624
> >
> >
> > My conclusion (correct me if I am wrong):
> >
> > When you run mod_md , you cannot use a client which uses TLS .
> >
> > It is a limitation when Apache user has an "old" LE account and uses a
> > acme client with/without mod_md
> >
> > TLS-SNI challenge was disabled by Let's Encrypt back in January, but old
> > users can still use it. Old accounts are whitelisted.
> >
> >
> > Let's Encrypt says:
> >
> >
> > ....whitelisting mechanisms are live. If you have a certificate renewal
> > that has been failing due to the TLS-SNI disablement, you should now be
> > able to renew.
>
> After reading the above and the last post in the forum, it sounds like
> the requirement is:
>
> "Need an option to disable the handling of /.well-known by mod_md so
> an external ACME client can be used more easily".
>
> It seems a bit weird to load mod_md and not use it as your ACME
> client, but it's a reasonable request.

Or better be able to handle both. If no on-disk challenge then fall back to
mod_md (or the other way).

--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )