Add Support for Step 4 (ACME Challenge) on https / different Ports #52

Closed
CJHarms opened this issue Dec 16, 2015 · 5 comments

CJHarms commented Dec 16, 2015

Hi there,

I have a Feature Request, and as I'm not really capable of doing it myself, I'm hoping someone else can realize it:

Problem:

In Step 4: ACME Challenge / Authorization, the LE API always checks the Webserver (for which you request the Certificate) on Port 80 (http) for the `/.well-known/acme-challenge`.

New Feature Request

It would be fantastic if there were some kind of Option (Dropdown Box or an Empty Input Field) to tell the LE API to verify against https or even against a custom Port for the ACME Challenge.

Additional Information

In the official LetsEncrypt Python Client there is a `--dvsni-port` (now called TLS-SNI-01) which does the trick.

If I can assist with something other than the Coding let me know and I'll try to help. Thanks!

Greetings,
Claus

alariel commented Dec 16, 2015

If you direct all traffic from the unencrypted (Port 80) instance to https (via 301 status) it just works, at least for me. Maybe one can add a specific redirect for the checked files/directories...

For Apache, I simply did `Redirect 301 "/" "https://www.domain.de/"` in the `<VirtualHost *:80>` part of the config.

A configurable part would be nice to have, though... but I think it's limited to what LE implements/already has implemented...
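
The scoped redirect suggested in the comment above could look like this in Apache 2.4. This is an added example, not part of the original thread or the project: the certificate and directory paths are placeholders, and port 80 still has to be reachable for the check to arrive at all.

```apache
# Plain-HTTP vhost: the only thing it does is hand the ACME validation
# path over to HTTPS. No other URL is redirected or served from here.
<VirtualHost *:80>
    ServerName www.domain.de

    # Narrow form of `Redirect 301 "/" "https://www.domain.de/"`:
    # only requests below /.well-known/acme-challenge/ are redirected.
    RedirectMatch 301 "^/\.well-known/acme-challenge/(.+)$" "https://www.domain.de/.well-known/acme-challenge/$1"
</VirtualHost>

# HTTPS vhost: serves the challenge files from a dedicated directory,
# kept apart from the application's document root.
<VirtualHost *:443>
    ServerName www.domain.de

    SSLEngine on
    # Placeholder paths (assumption): point these at the existing certificate and key.
    SSLCertificateFile    "/path/to/cert.pem"
    SSLCertificateKeyFile "/path/to/privkey.pem"

    # Placeholder directory (assumption): holds only the challenge files.
    Alias "/.well-known/acme-challenge/" "/var/www/acme-challenge/"
    <Directory "/var/www/acme-challenge/">
        # No directory listings, no CGI, no .htaccess overrides.
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
```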

CJHarms (Author) commented Dec 16, 2015

I would gladly do that, but due to regulations the Web Servers are only available on 443 and not even listening on Port 80 (not even for redirects to 443).

pastly commented Dec 20, 2015

I would really appreciate this too. If I want to verify something to be hosted on my home Internet from my home Internet, I need to be able to specify a different port. My ISP blocks incoming port 80 (not 443, interestingly).

edit: Now that I've said this, I wonder if gethttpsforfree is really the project to be asking for this feature. Since fumbling around last night with this, I bought a cheap VPS and have it temporarily change the DNS record, do webroot auth, then change the DNS record back.

diafygi (Owner) commented Dec 22, 2015

DVSNI would be a big pain to implement in a user-friendly manner to this website, so I don't plan to do it. Would be happy to be impressed by a good pull request, though.

diafygi closed this as completed Dec 22, 2015

Miserlou commented

+1 for this feature, this would be massively useful for using with django-zappa, as we have no ability to serve over HTTP.

A dropdown with a choice between HTTP and HTTPS would suffice for our purposes, and be MASSIVELY helpful!
