On Monday 19 of March 2018, Stefan Eissing wrote: > Thanks, Arkadiusz, that sounds reasonable. I will make that change and let > you know. > > For tracking and so that other Apache user can find it more easily, could > you open a short bug report here? Thanks!
https://bz.apache.org/bugzilla/show_bug.cgi?id=62189 > > > Am 18.03.2018 um 19:00 schrieb Arkadiusz Miśkiewicz <ar...@maven.pl>: > >> On Sunday 18 of March 2018, Eric Covener wrote: > >>> On Sun, Mar 18, 2018 at 1:41 PM, Steffen <i...@apachelounge.com> wrote: > >>> Did some tests: > >>> > >>> http://www.apachelounge.com/viewtopic.php?p=36624#36624 > >>> > >>> > >>> My conclusion (correct me if I am wrong): > >>> > >>> When you run mod_md , you cannot use a client which uses TLS . > >>> > >>> It is a limitation when Apache user has an "old" LE account and uses > >>> a acme client with/without mod_md > >>> > >>> TLS-SNI challenge was disabled by Let's Encrypt back in January, but > >>> old users can still use it. Old accounts are whitelisted. > >>> > >>> > >>> Let's Encrypt says: > >>> > >>> > >>> ....whitelisting mechanisms are live. If you have a certificate renewal > >>> that has been failing due to the TLS-SNI disablement, you should now be > >>> able to renew. > >> > >> After reading the above and the last post in the forum, it sounds like > >> the requirement is: > >> > >> "Need an option to disable the handling of /.well-known by mod_md so > >> an external ACME client can be used more easily". > >> > >> It seems a bit weird to load mod_md and not use it as your ACME > >> client, but it's a reasonable request. > > > > Or better be able to handle both. If no on disk challenge then fallback > > to mod_md (or the other way). -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
