I have my server set up in a way that, if there is already a certificate, HTTP requests are forwarded to HTTPS at the root of my domain. I could put in some filtering so this does not occur for URLs that are clearly validations for certificate renewal, but I’m curious if it’s supported to do validations over HTTPS.
If you use the HTTP-01 challenge method, which works by downloading a file, then the initial inbound connection has to happen over port 80. If you like, you can redirect everything to HTTPS, because the validator will follow this redirect.
This is a result of discussions in the ACME working group about problems that could occur with some multi-tenant shared hosting environments if this kind of validation were performed via HTTPS.
If you don’t want to receive connections on port 80 at all, even in order to redirect them to HTTPS, you could look into one of the other challenge types instead.
Yep, I knew that would fix it. And I decided to just go ahead and do that for now, which fixed the issue.
But I was intentionally redirecting my HTTP traffic to https://domain/ instead of maintaining the path and query.