How is acme challenge derived/created


#1

I’m trying to get letsencrypt set up, and an acme-challenge directory is created which has two additional directories, accounts and live. However, when using http-01 it has an expected string of 973534247c47daeffc54fcef378aee09.Ss5ToTirEvTzHug0Pqp6ZcesGPq72IXsMs8zOeBNfrs

My question is how is that string derived from those two directories that are created?

Thank you


#2

The two directories, live and accounts, exist in your Let’s Encrypt settings directory: /etc/letsencrypt. This is a private directory, not to be exposed under your webserver.

973534247c47daeffc54fcef378aee09 is your challenge token, which is a random string that is generated by the CA during the certificate order process (ACME protocol).

Ss5ToTirEvTzHug0Pqp6ZcesGPq72IXsMs8zOeBNfrs is your account thumbprint, which is basically a hash of your public key from /etc/letsencrypt/accounts.

Together, these two strings form the key authorization, which has to be exposed at your webserver under /.well-known/acme-challenge/{challenge token} in order to perform HTTP-01 validation.

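The derivation described in the answer above, as an added example in Python (it is not code from this thread, from certbot or from Let's Encrypt). It computes the RFC 7638 JWK thumbprint of an account key, joins it to the token the way RFC 8555 section 8.1 specifies the key authorization, and shows the check the CA performs on the body it fetches from /.well-known/acme-challenge/{token}. The account JWK is a sample public EC key (the P-256 test vector published with the JWS spec, not anyone's real account key); the token is the one quoted in the question; the webroot path is assumed. Because the thumbprint covers only the public members, the same function works on certbot's JWK-formatted account key file under /etc/letsencrypt/accounts, which is why that file must stay private even though it is an input to the public string.

```python
import base64
import hashlib
import json
import re

# RFC 8555 s.8.3: a token is base64url text with >=128 bits of entropy.
# Rejecting anything else also blocks path traversal when the token is
# used as a filename under the webroot.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")

# Token quoted in the question above.
SAMPLE_TOKEN = "973534247c47daeffc54fcef378aee09"

# Sample public account key (JWS P-256 test vector, not a real account key).
# Extra members such as kid/alg are present on purpose: RFC 7638 ignores them.
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
    "kid": "sample-account-key",
    "alg": "ES256",
}


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as used throughout JOSE and ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the *required* public members only,
    serialised with lexicographically sorted keys and no whitespace.
    Private members (d, p, q, ...) and metadata (kid, alg) never enter the hash."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    try:
        members = required[jwk["kty"]]
    except KeyError as exc:
        raise ValueError(f"unsupported or missing kty: {jwk.get('kty')!r}") from exc
    canonical = json.dumps(
        {k: jwk[k] for k in members}, sort_keys=True, separators=(",", ":")
    )
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 s.8.1: keyAuthorization = token || '.' || JWK_Thumbprint(accountKey)."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not base64url text")
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def challenge_path(webroot: str, token: str) -> str:
    """Where a webroot-style client writes the key authorization for HTTP-01.
    The token is validated first so a hostile token cannot escape the webroot."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not base64url text")
    return f"{webroot.rstrip('/')}/.well-known/acme-challenge/{token}"


def verify_http01_body(body: str, token: str, account_jwk: dict) -> bool:
    """The CA-side check on the fetched body (RFC 8555 s.8.3): it must equal the
    expected key authorization; trailing whitespace is tolerated, nothing else."""
    return body.rstrip() == key_authorization(token, account_jwk)


if __name__ == "__main__":
    ka = key_authorization(SAMPLE_TOKEN, SAMPLE_JWK)
    print("thumbprint      :", jwk_thumbprint(SAMPLE_JWK))
    print("key authorization:", ka)
    print("serve at         :", challenge_path("/var/www/html", SAMPLE_TOKEN))
    print("CA check passes  :", verify_http01_body(ka + "\n", SAMPLE_TOKEN, SAMPLE_JWK))
```

Two things the code makes visible that the prose does not: the thumbprint is stable across key metadata and member order (only kty/crv/x/y or kty/n/e are hashed), so a rotated account key, and nothing else, changes the right-hand half of every future challenge; and the left-hand token is untrusted input from the network, so a client that writes it to disk should validate its character set before building a path under the webroot.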

#3

Then something has likely gone terribly wrong.
Those two directories should NOT be located within the acme-challenge folder (setting).
Both of those directories contain private information [which should never be accessed from the Internet].