i have all the sites 301 redirect .well-known/acme-challenge/ to http://the-one-name-running-acme-client/.well-known/acme-challenge/
thus sites distributed across many physical servers and ones like https://blah.com that normally 301 to https://www.blah.com all validate At 11:55 16/07/2019 Tuesday, Stefan Eissing wrote: >A user of my Apache ACME client asked about a feature where the security >implications are not clear to me: > >- he has several server instances that may receive the CA's http-01 challenge >request. He therefore would like all servers to answer to all challenges like >the solution proposed by acme.sh: ><https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode> > >server { >.... > location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ { > default_type text/plain; > return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd"; > } > >which sends the thumbnail back to anyone asking. Is this an example to follow? >It feels very open... > >Thanks, > >Stefan > >_______________________________________________ >Acme mailing list >Acme@ietf.org >https://www.ietf.org/mailman/listinfo/acme _______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme