During a typical cert renewal how much bandwidth is necessary. 56kbps?
Since we have an internal wiki that contains confidential stuff, I am wondering if it would be possible to provide with a minimum possible bandwidth so that letsencrypt will not fail but other services/bots will not be able to access the wiki.
Thanks for the great service.
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for redacted.domain
Waiting for verification...
Cleaning up challenges
That seems like a rather curious way of preventing this issue - and I don’t think it’ll work. Let’s Encrypt’s tls-sni-01 challenges will run on any bandwidth that would allow for a successful TLS handshake to succeed, so a couple kilobytes total in less than 10 seconds. However, I don’t quite see how you’ll be blocking based on this. Is your goal to throttle the page so painfully that other external services won’t bother connecting?
Rather, have you considered alternate methods? For example, with the http-01 challenge, you could configure your web server to block external requests to any directory except .well-known/acme-challenge. If the blocking is server-side, you could set your --pre-hook and --post-hook options to open the firewall for the outside world only during the renewal attempt window and then close it afterwards.