Support HTTP01 over SSL #1343

bluecmd opened this Issue Nov 4, 2015 · 3 comments



bluecmd commented Nov 4, 2015


We're running a mixed variation of web servers and would prefer to use HTTP01 using the "webroot" authenticator. We're an HTTPS-only environment currently and not looking to change that, which offers a problem for us.

Could simple support for HTTP01 over HTTPS be added? You would need to disregard any certificate errors (allowing bootstrapping using self-signed certs etc.) on the server side I guess, but compared to HTTP that's not an issue.




kuba commented Nov 4, 2015

We just recently got rid of this particular challenge over TLS because of security issues, see ietf-wg-acme/acme#7.

@kuba kuba added the area: acme label Nov 4, 2015

@pde pde added the wontfix label Nov 5, 2015




pde commented Nov 5, 2015

Yeah, this is a wontfix because of the default vhosts attack. The two footnotes to that are: (1) if you serve a 301/302 redirect from port 80 the server will follow it; (2) if you have an existing cert from some CA (possibly Let's Encrypt, when it's time to renew) we could validate the cert and proceed.

@pde pde closed this Nov 5, 2015
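
Footnote (1) in the comment above means an HTTPS-only site can keep all content on TLS and run a redirect-only listener on port 80. The following is an added example, not code from this thread or the project: the hostname, the token and the `https_location` helper are constructed for illustration, and `/.well-known/acme-challenge/` is the HTTP-01 challenge path.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

ALLOWED_HOSTS = {"www.example.org"}  # constructed sample name


def https_location(host_header, path):
    """Return the https:// redirect target, or None to refuse the request."""
    host = (host_header or "").split(":", 1)[0].strip().lower()
    if host not in ALLOWED_HOSTS:  # never echo an arbitrary Host header
        return None
    if not path.startswith("/") or path.startswith("//"):
        return None
    return "https://" + host + path


class RedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Serve no content on plain HTTP: answer with a redirect or a 404.
        target = https_location(self.headers.get("Host"), self.path)
        if target is None:
            self.send_error(404)
            return
        self.send_response(301)
        self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, fmt, *args):  # keep the demo quiet
        pass


def demo():
    """Run the redirector on an ephemeral local port and request a challenge path."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), RedirectHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
        conn.request("GET", "/.well-known/acme-challenge/sample-token",
                     headers={"Host": "www.example.org"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

The allow-list keeps the listener from redirecting to whatever name a client puts in the `Host` header; in production the same logic would bind to port 80 in front of the HTTPS vhost that serves the webroot.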




pde commented Nov 5, 2015

a writeup on the problem
