(Picking up an old thread)
> >> There's a fairly good solution available with the current
> >> protocol, which is to serve a (long lived) redirect from
> >> /.well-known/acme-challenge/ on all of the servers to a
> >> different URL that is always answered by the machine you run an
> >> ACME client
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 09.02.2016 14:53, Michael Wyraz wrote:
> Hello Jonas,
>>
>>> IMO a better way to support your scenario as well as those I
>>> described above would be to check for an SRV-Record before
>>> checking A-Records. This would be 100% compatible
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 21.01.2016 15:13, Salz, Rich wrote:
>
>> I am not at all familiar with the processes in an IETF WG. What
>> is the way forward to get my proposal either into the protocol or
>> officially dismissed?
>
> This is the way it works. :) People
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello Michael,
(re-sent to include the list, sorry for the noise, Michael)
On 09.02.2016 11:52, Michael Wyraz wrote:
> thank you for the proposal. I think addressing such setups is a
> good idea.
Thank you for your feedback!
> The solution you
Hello Jonas,
>
> > IMO a better way to support your scenario as well as those I
> > described above would be to check for an SRV-Record before checking
> > A-Records. This would be 100% compatible with existing acme http-01
> > clients. In your case you would resolve the SRV record to the
> >
Hi Jonas,
> So if I understand this correctly, the ACME client would have to set
> (or modify) the SRV records in such a way that the host which is
> currently running the client is the one with the highest priority?
> This sounds like you could just use the DNS challenge, right?
>
> And it is a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello list,
On 07.12.2015 01:32, Manger, James wrote:
>>> Ideally, it [Let's Encrypt] would use the IP of the requester
>>> (of course only after it has verified that the IP is in the
>>> DNS) or allow the requester to specify a preferred IP.
>
>> Ideally, it [Let's Encrypt] would use the IP of the
>> requester (of course only after it has verified that the IP is in the
>> DNS) or allow the requester to specify a preferred IP.
This is quite a sensible feature request from Jonas. It supports multiple
servers for a domain while
There's a fairly good solution available with the current protocol,
which is to serve a (long lived) redirect from
/.well-known/acme-challenge/ on all of the servers to a different URL
that is always answered by the machine you run an ACME client on.
Are there any cases where that is sufficiently
This seems to be a common problem, so I opened a PR that someone on
that project can merge.
On 4 December 2015 at 08:08, Salz, Rich wrote:
>> Should I open an issue on the protocol draft repository? (Which I assume is
>> at [1])
>> [1]:
On Fri, Dec 4, 2015 at 12:46 AM, Peter Eckersley wrote:
> There's a fairly good solution available with the current protocol,
> which is to serve a (long lived) redirect from
> /.well-known/acme-challenge/ on all of the servers to a different URL
> that is always answered by the
> Is such a thing planned? Are there security reasons against doing
> this? Are there security reasons against doing this on a DNSSEC signed
> domain (which klausurschokola.de is)?
Personally, I wouldn't think it unreasonable to allow an ACME client to
request that a specific IP be used for the
12 matches