You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@icing put a lot of work into developing this, with LE in mind (I also had a small part in it).
It's hard to understand why there is such difficulty in getting the documentation to reflect the reality that tls-alpn-01 has mainstream support. I would think it something that LE would want to publicize...
In fact, mod_md also provides transparent support for http-01 entirely within the server - no disk file, no permissions setup - it just knows what to do with those challenges. And it supports DNS-01 (but requires and external script to perform the updates). It manages renewal timing without the need for externally timed (e.g. cron) jobs. It's capable of requesting certificates for other servers and delivering them (via external scripts run by httpd) in various modes.
It would be great if someone would at least remove the denial of tls-alpn-01 support. Even better if the documentation also pointed out that external scripts/programs (including certbot) and timed jobs to run them are not required when a webserver, such as Apache httpd, has fully integrated support built-in. It's actually the most painless way to use LE.
Thanks.
The text was updated successfully, but these errors were encountered:
The tls-alpn-01 section of https://letsencrypt.org/docs/challenge-types/ (still) states
It’s not supported by Apache, Nginx, or Certbot, and probably won’t be soon.
This isn't true. It wasn't true in the summer of 21 when last I reported this. At that point, apache httpd had supported tls-alpn-01 for over a year.
See https://httpd.apache.org/docs/trunk/mod/mod_md.html
Available in version 2.4.30 and later Prior to that it was available as an add-on kit (patches to httpd-core + mod_md itself).
@icing put a lot of work into developing this, with LE in mind (I also had a small part in it).
It's hard to understand why there is such difficulty in getting the documentation to reflect the reality that tls-alpn-01 has mainstream support. I would think it something that LE would want to publicize...
In fact, mod_md also provides transparent support for http-01 entirely within the server - no disk file, no permissions setup - it just knows what to do with those challenges. And it supports DNS-01 (but requires and external script to perform the updates). It manages renewal timing without the need for externally timed (e.g. cron) jobs. It's capable of requesting certificates for other servers and delivering them (via external scripts run by httpd) in various modes.
It would be great if someone would at least remove the denial of tls-alpn-01 support. Even better if the documentation also pointed out that external scripts/programs (including certbot) and timed jobs to run them are not required when a webserver, such as Apache httpd, has fully integrated support built-in. It's actually the most painless way to use LE.
Thanks.
The text was updated successfully, but these errors were encountered: