refer: Acme.sh standalone fails multiple validation requests (staging multi-va)
acme.sh has a weekly automatically tests project, which runs every week to keep acme.sh healthy.
In the scheduled acme.sh auto tests, we found acme.sh standalone mode failed for the letsencrypt staging server, but successed against the letsencrypt production server.
After some digging, I found it was because of the letsencrypt recent feature multi-va.
For short, with the multi-va feature, letsencrypt validation server sends multiple validation requests to the domain to validate it.
We used to use nc
as the standalone server to response to the validation requests.
But with this multi-va feature, the letsencrypt validation server sends all the requests at the very same moment.
As far as I can tell, the nc tool can only accept one connection at the moment.
So, we have to drop nc. socat
seems to be the best alternative. It’s simple and powerful enough.
And the most important: it’s widely enough crossing the platforms, including Linux, Mac, BSD, Unix, Solaris and Windows.
From the acme.sh v2.7.4, we dropped nc and use socat.