HTTP-01 - fallback to .txt?


#1

From time to time I get feedback indicating that people are struggling to get files without extensions served for HTTP verification. This is rarely the case on the Linux platform, but for example for IIS on Windows it is rather common.

Would it be possible to make LE servers fall back to requesting a .txt challenge file if fetching the one without an extension has failed for a reason other than “can’t connect”? Basically: try fetching xxx.yyy - if that fails, then try xxx.yyy.txt

That would still be compatible with how it works now, but would help those having trouble with some server configurations while attempting to provide challenge files.
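For readers hitting the IIS problem described above, here is the usual server-side workaround, added here as an example and not taken from this thread or from any ACME client. It assumes a plain IIS static site where the client writes the challenge token to `.well-known/acme-challenge/<token>`; by default IIS refuses to serve a static file whose extension has no MIME mapping, and an extensionless file falls into that case, so the site answers 404 before the file is ever read. Dropping this `web.config` into the `.well-known/acme-challenge` directory maps the “no extension” case to `text/plain`:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <!-- Serve files that have no extension (fileExtension=".") as text/plain.
         Without a MIME mapping IIS returns 404 for them, which is why the
         extensionless HTTP-01 token file "fails" on an otherwise working site. -->
    <staticContent>
      <remove fileExtension="." />
      <mimeMap fileExtension="." mimeType="text/plain" />
    </staticContent>
    <!-- On ASP.NET sites, extensionless URLs are normally handed to the
         application's routing instead of the static file module. Clearing the
         handlers inside this directory only (this web.config is scoped to
         .well-known/acme-challenge) makes IIS treat the token as a static file. -->
    <handlers>
      <clear />
      <add name="StaticFile" path="*" verb="GET,HEAD" modules="StaticFileModule"
           resourceType="Either" requireAccess="Read" />
    </handlers>
  </system.webServer>
</configuration>
```

Scoping the file to the challenge directory keeps the rest of the site's handler and MIME configuration untouched, which is the least-privilege way to open just this path. A quick check before requesting a certificate is to fetch `http://<host>/.well-known/acme-challenge/<token>` from outside the network and confirm a 200 with the raw token as the body; if that already works, the `.txt` fallback discussed here would not be needed for that host.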


#2

Hi @leader,

Thanks for the interesting feedback on the failure scenarios you’re seeing with some users and the http-01 challenge.

This sounds possible but should probably be captured at the ACME specification level so that implementations outside of Let’s Encrypt benefit from the decrease in user friction as well. It’s also possible there might have been a reason the protocol authors favoured the “no extension” approach that I’m not aware of.

Would you be open to proposing the change on the ACME mailing list, or perhaps submitting a PR on the draft repo to change the text in the “Identifier Validation Challenges” section on “HTTP” (Section 7.2 in the current draft) to describe your proposal?


#3

Sure, will do. :thumbsup:

P.S. I’m not quite sure if there was a reason to go for “no extension” too, but it is possible that authors had in mind some specific proxy/caching issues.


#4

There was some discussion about this a couple of months ago on the acme list, full thread here. Consensus seems to have leaned towards allowing an extension.


#5

Very interesting! Thanks for sharing.
