I just noticed that the Domain Validation chapter on https://letsencrypt.org/how-it-works/ keeps talking about https://example.com, when the correct would be to use http://example.com (not HTTPS).
Is the use of https instead of http in this chapter intentional?
I can see that you are talking about the site “https://example.com” in a more broader term, but in my opinion the first figure (https://letsencrypt.org/images/howitworks_challenge.png) is totally wrong, as long as the challenge must be served by HTTP (as specified in the ACME draft).
Comments?