You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Apr 24, 2020. It is now read-only.
Because many webservers allocate a default HTTPS virtual host to a particular low-privilege tenant user in a subtle and non-intuitive manner, the challenge must be completed over HTTP, not HTTPS.
vs.
Dereference the URI using an HTTP or HTTPS GET request. If using HTTPS, the ACME server MUST ignore the certificate provided by the HTTPS server.
The HTTP spec doesn't seem to be consistent. And why does it have to be completed with HTTP? I honestly don't understand that.
The text was updated successfully, but these errors were encountered:
LE's simpleHTTP seems to give a choice. I'd really prefer that. This would make it possible to not even listen on port 80 for things like APIs, e.g. GitHub does that on api.github.com.
As discussed on the list and in the document, the HTTP challenge needs to be HTTP-only in order to avoid the default-vhost issues. Thanks for catching the stray HTTPS text. I will remove it.
vs.
The
HTTP
spec doesn't seem to be consistent. And why does it have to be completed with HTTP? I honestly don't understand that.The text was updated successfully, but these errors were encountered: