I’ve been playing with this. As far as I can tell I have it set up correctly, but it’s not working.
In response to this challenge: https://acme-staging-v02.api.letsencrypt.org/acme/challenge/leSSBO7cbljpzjZqGhzqSRm8lphqe1RX_jI3Mx8eEeU/136484133 … I set up this certificate: -----BEGIN CERTIFICATE----- MIIDBDCCAe6gAwIBAgIBADALBgkqhkiG9w0BAQswGzEZMBcGA1UEAwwQY29icmFzc2x0ZXN0Lm9y ZzAiGA8yMDE4MDYxNTIzNTg0MFoYDzIwMTgwNjE5MjM1ODQwWjAbMRkwFwYDVQQDDBBjb2JyYXNz bHRlc3Qub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZ7S6Ihzojn36nARYbGY 7ZKQCZHUje/yjeOaSFNzgFtIBSjdlEyYZz5DkAv92ciqH7OJ4InuJFoFT0OwbVHxf0na/fA52XwJ RjNXWY7p1Qw0ZKqAIyypjcMS4ucnLvPYjGM+xNWtDnLP9Odr/8jNdQDIAehJ4TS11RlX2cv28hwi BqUcj1whdPFsdUKbyUCzdpKP7BS3UdL8Z7fkc+WxiTQMCaA8/IO/i+1s5ptJSFEZPVU/ZVVEVZrC EFArImmpWowoCiTxtQdWtS0bHY5RlB5IrGal4ZUgKtKe94AewvpPdy4CH8jrbQeBLcssHoaTdLgT VsxTAFSRnHcuZ8wfYwIDAQABo1MwUTAbBgNVHREEFDASghBjb2JyYXNzbHRlc3Qub3JnMDIGCSsG AQUFBwEeAQEB/wQiBCD/wpQDz3i0tjgUXgWWWyb0tP+DGo99DuOt0y1qokwGDjALBgkqhkiG9w0B AQsDggEBACOzSSZJRUu39glasoTdpEQWwgbxqVoQ5/3Ly8P06C4xavEdgQUrsHOubr6Y4HEFpLpS U/0tsVmnL3c3AVL6NXY7ffTVRpLYwGA+5oq5tIT/Yp6gqvO0D5JC+y/wfc7OpKU+x7N2NHlBJtPp mTUYm6KIwYz6qcHheV4vjZPZzZ1M4FFGCKgFItD+9mIoUyH13oKfkJzAPsALJqZFJ279r+4eT3N2 yGX3TZPLFUkaN4rNwSY4GwBVbIUiZ1Tgn5Z/TJTMQYlbr3pMwOe8V2YPO4sXCu2CcT53PrB0T4tH c0/v1a+kaYYCz3aAgrA9/5VAmnK89h+U/qfvEHSGBzK3w8U= -----END CERTIFICATE----- … which has this key: -----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEAyZ7S6Ihzojn36nARYbGY7ZKQCZHUje/yjeOaSFNzgFtIBSjd lEyYZz5DkAv92ciqH7OJ4InuJFoFT0OwbVHxf0na/fA52XwJRjNXWY7p1Qw0ZKqA IyypjcMS4ucnLvPYjGM+xNWtDnLP9Odr/8jNdQDIAehJ4TS11RlX2cv28hwiBqUc j1whdPFsdUKbyUCzdpKP7BS3UdL8Z7fkc+WxiTQMCaA8/IO/i+1s5ptJSFEZPVU/ ZVVEVZrCEFArImmpWowoCiTxtQdWtS0bHY5RlB5IrGal4ZUgKtKe94AewvpPdy4C H8jrbQeBLcssHoaTdLgTVsxTAFSRnHcuZ8wfYwIDAQABAoIBAQCTwuBTJt2IAO/e Uq+KZ3vqcMU7HjMmqrmanzmM1AwL/9nyXha1/sSatZkSUpeCKnvzq8LaWnu7DHZj tvnvxGQ2o0vpW0sqRqsNVccojYJ1bvJe7E3oeWzxxgtrW3juAiusB3gTDX483ovl sk0GMoXQv/fU3gZ3FAhG2sH1jnO2zvWhvv/z3qyVxcnTFVvmr+RV9xH6ykXQ8qGR K+PyqH8IWDwBq3RGofiFS8a0TYapiQp7cFaC0wyZVY+1e1CPwm1A7Koqv3xZBxdH /puRtbPnxkFrpdYEr65tAoxHKwAt7ju+DQp7RhPlrS014cDgq2qJ8l73ivhAbX5M sS9xzhJBAoGBAPM2KfCfNrNG7ttkYsg21OQ99gxWcTTava58o2Ei1AZyvydzmFam uekwJzcLhTRVZg7t5utKRxtbN8DmVJli7132lrxUkn3kzPJGYacSyoSn+XH4lRb0 E0SAgYUd1WiDazNfcNrYLVzriOVnyiKvWP+yYlUSJAfePCADug5eSsrxAoGBANQ4 zqbX4XW0DAN5n7ZBtyCqEag2ihqGDCfEZdp9w5iZSm6nqlZRZ+XRxKzijsTt42Ap 1CnwbaURswYNJw/ZnxZhuHNKqiz8T2mFwcl4OcQhduHioXDaZT2dy/jTu6ov1VQ0 mhx1SGRIakkp1yvElZzFLSJoop+bNISwDhDaHQeTAoGBAIfUEx4wPQNotRNQAB8j CEikFhsT18uV8mNVdoVURyeGxB0LYOPb325NF0mVpIHyw7nIwbNcW1P64KtZt5um dlp60fpCHUI0GwWfqv/87Z+ilBxDoTgdffk+75bhb4McCi25urRuEP+ZB25fRbOT TFgZTvOF2xuN0PRsQGev34NxAoGBAK84D/dVOsOR2nFsE9/JNkfz4ww9q5zmnFah I29YcwwlVH00VcFbCSuJHJeZn0MdHqShJJlT91NY37TZWy0NAvrZyA740LS/xVlc pHmRmDBFaQBru9uPlhNfm69gMgv73mjd3XgtpY2W9Jpfv1ZVwyli6zcDqXGaFayQ J6zmSR2dAoGAT+LDNH98ToNrBhKYinM1FJ36jQ0/IJGbTUE67iw9KFYkAsk2/ZMm IYbKnkfhoPB/bZlMUYCEA/oJZlaOPgtDEGiSd4bv+x3nkyv+hO2y2YZn2W/8kPSk wsTjrSCVrzxb7j7r1R9v56aNdZcp2srHK6W+rBME8OuH/lq509v0A48= -----END RSA PRIVATE KEY----- It’s telling me “urn:ietf:params:acme:error:connection” (Connection reset by peer) as the challenge’s failure. My server-side debugging says that the handshake succeeds … is there something amiss in the certificate? -Felipe > On Jun 15, 2018, at 2:39 PM, Roland Bracewell Shoemaker > <rol...@letsencrypt.org> wrote: > > Let’s Encrypt has deployed an implementation[0] of the > draft-ietf-acme-tls-alpn-01 validation method on our staging environment[1]. > If anyone has a chance to test it out and runs into > implementation/specification issues we’d love to hear about them! > > [0] > https://github.com/letsencrypt/boulder/blob/2dadd5e09a8228342aa86e8fa4c8d887a82aa4ac/va/va.go#L701-L768 > [1] https://acme-staging.api.letsencrypt.org/ > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme