Thomas,

Thanks for taking the time to respond. This might be best discussed on the serverfault page <https://serverfault.com/questions/897909/pound-letsencrypt-for-play-framework-aws-cloudfront>. To address your points:

1. Most DNS requests on the internet are unsecured. Why would this
   issue be any different? Remember, the letsencrypt server connects to
   Pound to initiate a DNS or HTTP challenge, not the other way around.

2. For an HTTP challenge, the letsencrypt server only utilizes ports 80
   or 443, and those are already in use by the running Pound instance,
   as you know. Pound does not support virtual directories, and the
   webapp does not support virtual directories either. The new service
   you propose is therefore unworkable in this scenario.

3. I solved the letsencrypt challenge problem myself using a DNS
   challenge, and the complete solution to creating and deploying the
   resulting SSL certificate is shown on the serverfault page. A few
   questions have yet to be resolved, and I welcome a discussion on
   those remaining points. There is no need to discuss the pros and
   cons of the relative value of a DNS challenge vs a webapp challenge,
   because that part was done, tested and deployed.

Thanks,

Mike