Stateless Mode

Mike Parks edited this page May 16, 2022 · 13 revisions

Configure your webserver to respond statelessly to challenges for a given account key. This requires nothing more than a one-time web server configuration change and no "moving parts".

  1. First get your account key thumbprint:
    root@ed:~# --register-account
    [Mon Feb  6 21:40:18 CST 2017] Registering account
    [Mon Feb  6 21:40:19 CST 2017] Already registered
    [Mon Feb  6 21:40:21 CST 2017] Update success.
    [Mon Feb  6 21:40:21 CST 2017] ACCOUNT_THUMBPRINT='6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd'
    Remember the thumbprint in the last line: 6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd
  2. Configure the web server to return the account key thumbprint:


    Add something similar to your nginx.conf:
    http {
      server {
        location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ {
          default_type text/plain;
          return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd";
        }
      }
    }


    Add something similar to your Caddyfile:
    # example.com is a placeholder; use your own site address
    example.com {
      @achallenge {
        path_regexp ch ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$
      }
      respond @achallenge "{re.ch.1}.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd"
    }


    Add something similar to your httpd.conf:
    LoadModule php7_module libexec/apache2/
    <VirtualHost *:80>
        <IfModule php7_module>
            AddType application/x-httpd-php .php
            AddType application/x-httpd-php-source .phps
            <IfModule dir_module>
                DirectoryIndex index.html index.php
            </IfModule>
        </IfModule>
        <Directory "/PATH/TO/WWW/ROOT/.well-known/acme-challenge/">
            RewriteEngine On
            RewriteRule "^[-_a-zA-Z0-9]+$" "index.php"
        </Directory>
    </VirtualHost>
    Then add /PATH/TO/WWW/ROOT/.well-known/acme-challenge/index.php:
    <?php
    header("Content-Type: text/plain");
    // Use the last path segment (query string excluded) as the token.
    $parts = explode('/', parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH));
    $token = array_pop($parts);
    echo "$token.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd";
    NOTE: this approach uses PHP, but something similar could be done with CGI, Perl, Ruby or pretty much any other server-side language.
  3. OK, you can issue the cert now:
    --issue -d  --stateless
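
The note in step 2 says the same responder can be written in any server-side language. As an added example (not code from this page or the project), here is a Python WSGI version that returns `<token>.<thumbprint>` only for well-formed challenge paths. The function names, the `request` helper and the 127.0.0.1:8080 listener are assumptions.

```python
import re
from wsgiref.util import setup_testing_defaults

# Thumbprint shown on this page; substitute the ACCOUNT_THUMBPRINT of your own account.
ACCOUNT_THUMBPRINT = "6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd"
PREFIX = "/.well-known/acme-challenge/"
# Same token alphabet as the web server patterns above. \Z (not $) so that a
# trailing newline in the decoded path is rejected instead of silently accepted.
TOKEN_RE = re.compile(r"[-_a-zA-Z0-9]+\Z")


def key_authorization(path):
    """Return "<token>.<thumbprint>" for a challenge path, else None."""
    if not path.startswith(PREFIX):
        return None
    token = path[len(PREFIX):]
    if not TOKEN_RE.match(token):
        return None  # empty token, extra path segments, or other characters
    return f"{token}.{ACCOUNT_THUMBPRINT}"


def app(environ, start_response):
    """WSGI responder. PATH_INFO excludes the query string, so it never reaches the body."""
    body = key_authorization(environ.get("PATH_INFO", ""))
    if body is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body.encode("ascii")]


def request(path):
    """Hypothetical helper: drive the app in-process (no network), return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    seen = {}
    chunks = app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"], b"".join(chunks).decode("ascii")


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    # Assumed listener for local testing; a front-end server would proxy port 80 here.
    make_server("127.0.0.1", 8080, app).serve_forever()
```

Anything that is not a single token in the expected alphabet gets a 404, so the responder only ever emits the configured thumbprint appended to a token it has validated.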