I'm sad about LetsEncrypt TLS-SNI-{01,02} challenges shutting down for good:
https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure/50188 …
The http-01 and dns-01 challenges kinda suck, IMHO. I don't want to even listen on port 80. 
Hope there's a tls-sni-03 fix one day.
-
What’s wrong with dns-01? I like it more than the other methods. It allows authentication and web server to be separated. I.e. internal only web server authenticated externally.
Yes, DNS-01 is nice when you don't have external DNS to worry about. For public sites that's obviously not the case.
-
-
I’m not following. External facing DNS is required. Public (external) facing sites need corresponding public (external) facing DNS.
#confused -
I'm saying the goal here is having the validation method be minimally intrusive to the *actual* usage of the service. For internal sites that's trivial with DNS-01 because they don't have external DNS... so you make one just for ACME.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.