github.com/certbot/certbo
> The nginx authenticator now configures all matching HTTP and HTTPS vhosts for the HTTP-01 challenge. It is now compatible with external HTTPS redirection by a CDN or load balancer.
It would have been really nice to have this a couple weeks ago...
github.com/GrapheneOS/rel
Specifically, it would have been nice to have that 12 days ago. It seems the issue was that it didn't know how to configure the authentication over HTTPS for the nginx plugin. In hindsight, probably just could have done an HTTP rather than HTTPS redirect.
Also, nice reminder for everyone that WebPKI relies on insecure authentication of domain control. Even if you trust every CA, they authenticate domain control via insecure HTTP and SMTP checks. CAs aren't even required to enforce DNSSEC, let alone securely chaining from there.
twitter.com/DanielMicay/st
It works better than before but it's still messed up. Going to leave it using certbot webroot authentication.
No clue how to get the certbot nginx authenticator working with round-robin DNS load balancing. Not worth investing any more time into it...
