Thanks, Arkadiusz, that sounds reasonable. I will make that change and let you know.
For tracking and so that other Apache user can find it more easily, could you open a short bug report here? Thanks! > Am 18.03.2018 um 19:00 schrieb Arkadiusz Miśkiewicz <ar...@maven.pl>: > >> On Sunday 18 of March 2018, Eric Covener wrote: >>> On Sun, Mar 18, 2018 at 1:41 PM, Steffen <i...@apachelounge.com> wrote: >>> Did some tests: >>> >>> http://www.apachelounge.com/viewtopic.php?p=36624#36624 >>> >>> >>> My conclusion (correct me if I am wrong): >>> >>> When you run mod_md , you cannot use a client which uses TLS . >>> >>> It is a limitation when Apache user has an "old" LE account and uses a >>> acme client with/without mod_md >>> >>> TLS-SNI challenge was disabled by Let's Encrypt back in January, but old >>> users can still use it. Old accounts are whitelisted. >>> >>> >>> Let's Encrypt says: >>> >>> >>> ....whitelisting mechanisms are live. If you have a certificate renewal >>> that has been failing due to the TLS-SNI disablement, you should now be >>> able to renew. >> >> After reading the above and the last post in the forum, it sounds like >> the requirement is: >> >> "Need an option to disable the handling of /.well-known by mod_md so >> an external ACME client can be used more easily". >> >> It seems a bit weird to load mod_md and not use it as your ACME >> client, but it's a reasonable request. > > Or better be able to handle both. If no on disk challenge then fallback to > mod_md (or the other way). > > -- > Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
