supports tls-alpn mode and CA now


There are 2 improvements in

  1. The tls-alpn-01 mode is supported now. --issue -d  --alpn

It will listen on localhost 443 port and validate the domain in tls-alpn-01 method.
2. Support another ACME CA
The is another public trusted CA supporting ACME protocol. --server  \
         --issue -d -d .....

See more details:

Please report bugs to our github if you find any problems.



This is mind blowing:
Unlimited number of domains in one certificate


This is awesome work, planning to add other ACME providers to certify as well. I believe various operating system limits affect usable SAN size. On Windows I think you have 4KB to play with:


Nice work, Neil! I’ll definitely mention this to people who are having trouble with the TLS-SNI-01 deprecation and can only use port 443.


It seems that the Buypass free cert only supports one domain (and its “www” prefix version).

for example:



Awesome. I’ve started a wiki page up to document using TLS-ALPN + without taking the web server offline. Currently only nginx works, but I’m working on submitting a patch for haproxy to support it as well.


[This is NOT a one-size-fits-all recommendation]
But, for those that have the ability to redirect inbound port 443 to any other port, the solution may even be simpler; in that, you could set up the ALPN listener on any unused port and then just update the router/firewall to connect external:443 to internal:ALPN port.
This may be especially useful/expeditious for those with very many virtual hosts:

  • All vhosts would remain on 443.
  • The router/firewall would direct all inbound 443 to the ALPN listener.
  • The ALPN listener would proxy to all 443 vhosts and handle ALPN auth requests (as needed).
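
The routing decision behind the setup described in the post above, as an added example that is not from the thread or from any ACME client's own code: a front listener reads the first TLS record, extracts the ALPN names from the ClientHello, and sends a connection to the validation responder only when `acme-tls/1` is the sole protocol offered. The backend addresses and function names are hypothetical, the sample ClientHello is constructed, and the sketch assumes the ClientHello fits in one TLS record.

```python
import struct

ACME_TLS_ALPN = b"acme-tls/1"  # ALPN protocol ID used by tls-alpn-01 (RFC 8737)

def alpn_protocols(record):
    """Return the ALPN names offered in a TLS ClientHello record ([] if none or malformed)."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:  # not a handshake record / ClientHello
            return []
        pos = 5 + 4 + 2 + 32                        # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]                      # session id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher suites
        pos += 1 + record[pos]                      # compression methods
        end = min(len(record), pos + 2 + struct.unpack_from("!H", record, pos)[0])
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 16:                      # application_layer_protocol_negotiation
                names, p = [], pos + 2              # skip the 2-byte protocol list length
                while p < min(end, pos + ext_len):
                    names.append(record[p + 1:p + 1 + record[p]])
                    p += 1 + record[p]
                return names
            pos += ext_len
    except (IndexError, struct.error):
        pass                                        # truncated hello: treat as no ALPN
    return []

def pick_backend(record, acme_backend, vhost_backend):
    """tls-alpn-01 validation offers acme-tls/1 as its only protocol; all else is site traffic."""
    return acme_backend if alpn_protocols(record) == [ACME_TLS_ALPN] else vhost_backend

def build_client_hello(protocols):
    """Constructed sample input: a minimal ClientHello with at most an ALPN extension."""
    plist = b"".join(bytes([len(p)]) + p for p in protocols)
    ext = struct.pack("!HHH", 16, len(plist) + 2, len(plist)) + plist if protocols else b""
    body = (b"\x03\x03" + bytes(32) + b"\x00"       # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"     # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    ACME, VHOSTS = ("127.0.0.1", 10443), ("127.0.0.1", 8443)  # hypothetical backends
    for offered in ([b"acme-tls/1"], [b"h2", b"http/1.1"], []):
        print(offered, "->", pick_backend(build_client_hello(offered), ACME, VHOSTS))
```

Anything that is not a well-formed ClientHello offering exactly `acme-tls/1` falls through to the vhost backend, so ordinary HTTPS traffic is unaffected when no validation is in progress.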


That’s pretty clever, went over my head the first time I read it but yes, it’d work great!

Anyway, patch merged, so now haproxy> is a usable TLS-ALPN combination.


That’s very cool! Thanks @_az!!!
