Choosing which challenges are allowed for a domain

For example if one suspects MitM may happen extremely close to a server and no matter how many attempts are made from different IPs to verify the domain it will not be able to bypass the attacker, they may want to disable http and tls-sni challenges.

1 Like

https://tools.ietf.org/html/draft-ietf-acme-caa-05#section-4 and ACME-CAA "validationmethods" support

Yet to be enabled in production, but certainly on its way once the CAA draft stabilizes.

6 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.