Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.rtvnc.com
I ran this command:
It produced this output:
My web server is (include version): custom webserver
The operating system my web server runs on is (include version): Windows 10
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
I just wasted 3 days trying to get tls-alpn-01 validation working. The problem turned out to be a missing ‘Change Cipher Spec’ handshake message I wasn’t sending.
I feel these ‘Change Cipher Spec’ messages are unnecessary since the certificate was already sent in the Server Hello.
Please change the draft so these ‘Change Cipher Spec’ messages are no longer required, or at least give a more meaningful error message than 400-invalid .