There are 2 improvements in acme.sh: The tls-alpn-01 mode is upported now. acme.sh --issue -d example.com --alpn It will listen on localhost 443 port and validate the domain in tls-alpn-01 method. 2. Support another ACME CA buypass.com The www.buypass.com is another public trusted CA support…

This is mind blowing: “Unlimited number of domains in one certificate”

This is awesome work, planning to add other Acme providers to certify as well. I believe various operating system limits affect usable SAN size. On windows I think you have 4KB to play with: https://social.technet.microsoft.com/wiki/contents/articles/3306.pki-faq-what-is-the-maximum-number-of-names…

It seems that the buypass free cert only support one domain (and it’s “www” prefix version). for example: exmaple.com www.example.com or: sub.example.com www.sub.example.com

[image] Neilpang: tls-alpn-01 mode is upported now Awesome. I've started a wiki page up to document using TLS-ALPN + acme.sh without taking the web server offline . Currently only nginx works, but I'm working on submitting a patch for haproxy to support it as well.

[This is NOT a one-size-fits-all recommendation] But, for those that have the ability to redirect inbound port 443 to any other port, the solution may even be simpler; in that, you could setup the ALPN listener on any unused port and then just update the router/firewall to connect external:443 to i…

[image] rg305: All vhosts would remain on 443. That's pretty clever, went over my head the first time I read it but yes, it'd work great! Anyway, patch merged , so now haproxy>=1.9.1+acme.sh is a usable TLS-ALPN combination.

[image] _az: Anyway, patch merged , so now haproxy>=1.9.1+acme.sh is a usable TLS-ALPN combination. That's very cool! Thanks @_az !!!

Acme.sh supports tls-alpn mode and buypass.com CA now

Client dev

schoen December 29, 2018, 7:16pm 4

Nice work, Neil! I’ll definitely mention this to people who are having trouble with the TLS-SNI-01 deprecation and can only use port 443.

Topic		Replies	Views
Which client support tls-alpn challenge? Help	20	73279	April 20, 2020
Acme.sh using alpn to avoid port 80 -> SSL_ERROR_RX_RECORD_TOO_LONG Help	13	2330	January 8, 2021
Acme.sh error with alpn mode Help	7	971	September 5, 2021
So how are we bringing TLS-ALPN to the masses? Client dev	17	13886	July 20, 2018
Tls-alpn-01 with acme4j -> unauthorized Help	19	2827	January 10, 2021

Acme.sh supports tls-alpn mode and buypass.com CA now

Related topics