This ended up working fine for my ATS environment. One point of confusion though -- the documentation claims that "traffic_ctl config reload" is sufficient after a change to ssl_multicert.config, but "traffic_ctl config status" afterwards reports "traffic_server requires restarting".
Is a "traffic_ctl server restart" required after modification of ssl_multicert.config?

--Jered

----- On Dec 5, 2016, at 3:05 PM, Jered Floyd <[email protected]> wrote:

> Is anyone currently using ATS with Let's Encrypt as a certificate provider?
>
> My current plan is to do something like:
>
> 1) Run Apache Server locally on a non-standard port (e.g. 8000)
> 2) Add a rule mapping all access to /.well-known/acme-challenge/ to the local server:
>    regex_map http://*/.well-known/acme-challenge/ http://proxy-host.domain.com:8000/
> 3) Use certbot's "webroot" authenticator plugin to satisfy http-01 challenge types
> 4) Use certbot renew --post-hook to refresh ATS after certificate renewal
>
> This is relatively simple, but running another server locally feels inelegant. I don't believe ATS can be configured to serve local file system content, though.
>
> Any alternative suggestions I should explore?
>
> --Jered
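A renewal hook for step 4 that also checks for the status message reported in the follow-up, added here as an example and not part of the original thread. The function name `refresh_ats` and the `TRAFFIC_CTL` and `ATS_HOOK_RUN` variables are assumptions; only the two `traffic_ctl` subcommands and the "requires restarting" text come from the messages above.

```shell
#!/bin/sh
# Added example: reload ATS after a certificate renewal, then check whether
# traffic_server reports that the reload was not enough.
# TRAFFIC_CTL (assumed name) lets the traffic_ctl path be overridden.

# Returns 0 if the reload was accepted and no restart is pending,
#         1 if "traffic_ctl config status" says a restart is required,
#         2 if traffic_ctl itself failed.
refresh_ats() {
    tc="${TRAFFIC_CTL:-traffic_ctl}"

    if ! "$tc" config reload; then
        echo "ats-hook: config reload failed" >&2
        return 2
    fi

    # Capture the status text; a failure here means the state is unknown.
    status=$("$tc" config status 2>&1) || {
        echo "ats-hook: config status failed" >&2
        return 2
    }

    case "$status" in
        *"requires restarting"*)
            # The renewed certificate may not be served until a restart,
            # so surface this instead of exiting silently.
            echo "ats-hook: reload done, but traffic_server requires restarting" >&2
            return 1
            ;;
    esac

    echo "ats-hook: reload done, no restart pending"
    return 0
}

# Run only when explicitly requested (assumed switch), e.g.
#   certbot renew --post-hook "ATS_HOOK_RUN=1 /path/to/this-script"
if [ "${ATS_HOOK_RUN:-0}" = 1 ]; then
    refresh_ats
fi
```

A non-zero exit from the hook gives a monitoring job something to alert on, so a renewed certificate that ATS has not picked up does not go unnoticed until the old one expires.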
