For example if one suspects MitM may happen extremely close to a server and no matter how many attempts are made from different IPs to verify the domain it will not be able to bypass the attacker, they may want to disable http and tls-sni challenges.
1 Like
https://tools.ietf.org/html/draft-ietf-acme-caa-05#section-4 and ACME-CAA "validationmethods" support
Yet to be enabled in production, but certainly on its way once the CAA draft stabilizes.
6 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.