Http01 可以验证txt文件吗

请问 http01 challenge可以验证txt文件吗

Can you explain more what you want help with? The link below describes the challenges. I was not sure what language you used so click the language link on that page to change it.


HTTP-01 这种方式的Challenge 可以验证带后缀的文件吗? 比如 http://domain/.well-known/acme-challenge/token.txt

The filename in the URL is given in the specification, and doesn't have a .txt at the end.

But you could configure your web server to serve the resource at the URL in any way, including by looking for file somewhere on a filesystem that has a .txt in it. Often there isn't much relationship anymore between files in a folder and the URLs that correspond to them.


No suffixes are allowed for Let's Encrypt.

Other free CAs might offer other challenges. If I recall correctly, ZeroSSL uses challenges with suffix, but perhaps only for their manual certificate issuance, which is limited to 3 free certs per account.

1 Like

Interestingly (to me at least), the Content-Type of the challenge response isn't explicitly specified (I don't think), but the example in RFC 8555 section 8.3 shows it using application/octet-stream rather than something like text/plain or some ACME-specific new type. But I don't think any CA would actually care about that header as long as the token in the response body is correct.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.