We don't rely on Certbot's acme module to create or serve TLS-ALPN-01 challenge response certificates (we use pebble-challtestsrv for this), but we do rely on the acme module for initiating challenges. E.g. in do_tls_alpn_challenges in our chisel.py test client we call: client.answe...
This reverts commit 15f1405. This was a clean revert with no conflicts. The reason we're reverting this is in some versions of openssl, we're hitting issues where the challenge cert is used even if...
I haven't followed the code in detail, but one thing that occurs to me is that it's important that these "challenge" connections aren't cached (whether they succeed or fail) or looked-up in the caches. Both to be sure that the right certificates are sent, and to make sure that on the...
/// contains the SNI as a SAN and the TLS-ALPN-01 challenge response key auth digest extension.
///
/// Other types of TLS connection are ignored. In a more complete implementation, the server would
Owner djc Mar 7, 2025
Nit: "connection" -> "connections".
examples/tl...
It is true that supporting TLS-ALPN-01 on Apache and Nginx is very difficult, because these HTTP servers do not support this TLS extension natively. Purely theoretically, I was thinking of alternative ways to still support a TLS-ALPN-01 challenge around a running Nginx/Apache server. One of...
[domain.com] acme: Could not find solver for: http-01
2024/05/27 03:26:37 [INFO] [domain.com] acme: use dns-01 solver
2024/05/27 03:26:37 [INFO] [*.domain.com] acme: Preparing to solve DNS-01
2024/05/27 03:26:38 [INFO] Found CNAME entry for "_acme-challenge.domain.com...
Create a challenge server responding to HTTP-01 challenges on ":8888" and DNS-01 challenges on ":9999" and "10.0.0.1:9998":

import "github.com/letsencrypt/pebble/challtestsrv"

challSrv, err := challtestsrv.New(challtestsrv.Config{
    HTTPOneAddr: []string{":8888"},
    DNSOneAddr: []string{...