I think I’m understanding things better. Just to verify, when my app initially creates the challenge token it stores it on my server. Then a request is sent out to LE over port 80. When LE responds, to find the challenge token, does LE respond to the original port 80 request or does LE create (initiate) a new port 80 request?
It's 100% separate. Different connections, different ports, different IP addresses. HTTP isn't designed for that kind of bidirectional communication. (And, if it was, Let's Encrypt wouldn't use it under these circumstances.)
To add to this, the challenge token is created by Let’s Encrypt and given to you over the outgoing HTTPS connection that you made to Let’s Encrypt. As @mnordhoff says, the inbound connection(s) to confirm that you placed the challenge correctly are then made entirely separately, from separate IP addresses.
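The flow described in the replies above, as an added example that is not part of the original thread: a local responder holds the CA-issued token, and each validation arrives as a new inbound connection. The `/.well-known/acme-challenge/` path and key-authorization format come from RFC 8555 rather than from the posts; the token, the JWK values and the loopback "vantage points" are constructed stand-ins.

```python
import base64, hashlib, http.client, json, threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

PREFIX = "/.well-known/acme-challenge/"   # HTTP-01 path from RFC 8555
CHALLENGES = {}   # token -> key authorization the web server must return
PEERS = []        # (ip, port) of every inbound validation connection

def key_authorization(token, jwk):
    # token + "." + base64url(SHA-256 JWK thumbprint), RFC 8555 / RFC 7638
    members = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canon = json.dumps({k: jwk[k] for k in sorted(members)}, separators=(",", ":"))
    digest = hashlib.sha256(canon.encode()).digest()
    return token + "." + base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        PEERS.append(self.client_address)   # record who connected to us
        token = self.path[len(PREFIX):] if self.path.startswith(PREFIX) else None
        body = CHALLENGES.get(token)
        if body is None:
            self.send_error(404)
            return
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())
    def log_message(self, *args): pass   # keep the demo quiet

def validator_fetch(port, token):
    # Stand-in for one CA vantage point: a brand-new inbound TCP connection
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", PREFIX + token)
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result

def run_demo(vantage_points=3):
    PEERS.clear()
    token = "constructed-token-issued-by-CA"   # really arrives over the client's outbound HTTPS
    jwk = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
    expected = CHALLENGES[token] = key_authorization(token, jwk)
    srv = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        ok = [validator_fetch(srv.server_port, token) == (200, expected) for _ in range(vantage_points)]
        missing = validator_fetch(srv.server_port, "unknown-token")[0]
    finally:
        srv.shutdown()
        srv.server_close()
    return ok, missing, list(PEERS)
```

Because the responder cannot predict which addresses the validation requests come from, it answers on the token alone and does not filter by source IP.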