Ah ok. Got it. That's good. On Fri, May 25, 2018 at 11:07 AM Roland Shoemaker <rol...@letsencrypt.org> wrote:
> The validation certificate should only ever be served for requests that > negotiate the amce-tls/1 application protocol, which browsers or equivalent > user software should never do. This allows the server (or load balancer) to > continue serving normal traffic to users while also serving validation > traffic to the ACME server. > > > On May 25, 2018, at 8:09 AM, Ben Sykes <ben= > 40bensykes....@dmarc.ietf.org> wrote: > > > > Hi there, > > > > Having read through the draft spec, I have a concern over certificate > renewals. > > As I read it, the server would have to temporarily use a customized > self-signed certificate while the check is pending.. Won't this mean any > regular user connecting to that server over TLS at the time be presented > with the self-signed certificate? This would manifest as downtime for the > service. > > Is there a provision for renewal using this method? > > > > Thanks, > > Ben > > _______________________________________________ > > Acme mailing list > > Acme@ietf.org > > https://www.ietf.org/mailman/listinfo/acme > >
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
