I have a hosting company I want Let's Encrypt Certificates

Assume they want to give Let's Encrypt certificates to all their clients, without controlling their DNS: they redirect .well-known/acme-challenge/ and validate via http-01 on their clients' behalf, then they install the certificate.

I suspect it's not what they do. It could be a lot easier with a website to run tests on.


(edit: we do have one, it responds 403 Forbidden and another user has issues with this hosting provider: ZeroSSL Wont verify my domain)

I hate them:
(first command from Firefox console, copy as cURL)

peppe at lemure in ~ 
% curl -IL 'http://notestorage.cf/.well-known/acme-challenge/404' -H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3' --compressed -H 'Connection: keep-alive' -H 'Cookie: __cfduid=d18a2838a301ff4f451f8d57508dbf9ca1596611667' -H 'Upgrade-Insecure-Requests: 1' -H 'DNT: 1' -H 'Pragma: no-cache' -H 'Cache-Control: no-cache'
HTTP/1.1 302 Found
Date: Wed, 05 Aug 2020 07:19:08 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: https://infinityfree.net/errors/404/
Cache-Control: max-age=0
Expires: Wed, 05 Aug 2020 07:18:17 GMT
CF-Cache-Status: DYNAMIC
cf-request-id: 045f1606b30000cd22f2326200000001
Server: cloudflare
CF-RAY: 5bdebf845d27cd22-FCO

HTTP/2 200 
date: Wed, 05 Aug 2020 07:19:08 GMT
content-type: text/html
set-cookie: __cfduid=d71a2eae98dc5b71d5d4ac2743c581d2a1596611948; expires=Fri, 04-Sep-20 07:19:08 GMT; path=/; domain=.infinityfree.net; HttpOnly; SameSite=Lax; Secure
vary: Accept-Encoding
last-modified: Sun, 02 Aug 2020 12:41:11 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
cf-request-id: 045f1608e00000cd16ac91d200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-content-type-options: nosniff
server: cloudflare
cf-ray: 5bdebf87c8cfcd16-FCO
content-encoding: br

peppe at lemure in ~ 
% curl -IL http://notestorage.cf/.well-known/acme-challenge/404
HTTP/1.1 403 Forbidden
Date: Wed, 05 Aug 2020 07:17:00 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: __cfduid=d624aa8d974e9651465376dc64510acd11596611820; expires=Fri, 04-Sep-20 07:17:00 GMT; path=/; domain=.notestorage.cf; HttpOnly; SameSite=Lax
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
cf-request-id: 045f1412290000cd429b06e200000001
Server: cloudflare
CF-RAY: 5bdebc637c9ccd42-FCO

2 Likes
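
Added example, not part of the original post: a small Python parser for `curl -IL` output that compares the response chain a browser-style request gets with the one a header-less request gets, since the CA's http-01 request does not carry the browser's cookies or headers. The function names and the trimmed sample dumps are assumptions made for this example; the status lines, hosts and `Location` value are those shown in the post.

```python
import re
from urllib.parse import urlsplit

STATUS_LINE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})")

def parse_hops(dump):
    """Split `curl -IL` output into one (status, headers) pair per response."""
    hops = []
    for line in dump.splitlines():
        line = line.strip()
        match = STATUS_LINE.match(line)
        if match:
            hops.append((int(match.group(1)), {}))
        elif hops and ":" in line:
            name, value = line.split(":", 1)
            hops[-1][1][name.strip().lower()] = value.strip()
    return hops

def chain(dump, start_host):
    """Return [(host, status), ...], following each Location to the next host."""
    host, out = start_host, []
    for status, headers in parse_hops(dump):
        out.append((host, status))
        if 300 <= status < 400 and "location" in headers:
            # A relative Location has no hostname, so the host stays the same.
            host = urlsplit(headers["location"]).hostname or host
    return out

def findings(browser_dump, bare_dump, host):
    """Compare the browser-style and header-less response chains for one URL."""
    browser, bare = chain(browser_dump, host), chain(bare_dump, host)
    if not bare:
        return ["header-less request got no response"]
    notes = []
    if browser != bare:
        notes.append("response depends on request headers")
    final_host, final_status = bare[-1]
    if final_status != 200:
        notes.append(f"header-less request ends in {final_status}")
    elif final_host != host:
        notes.append(f"200 is served by {final_host}, not {host}")
    return notes

# Constructed samples: status lines and Location from the output above, other headers trimmed.
BROWSER = "HTTP/1.1 302 Found\nLocation: https://infinityfree.net/errors/404/\n\nHTTP/2 200 \ncontent-type: text/html\n"
BARE = "HTTP/1.1 403 Forbidden\nContent-Type: text/html\n"

if __name__ == "__main__":
    print(findings(BROWSER, BARE, "notestorage.cf"))
```

A final 200 that comes from a different host than the one being validated only helps if that host serves the challenge file, which is why the second check reports it separately.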