TLS-ALPN validation method


#1

We’ve recently landed code in boulder to add support for the draft TLS-ALPN validation method. This method provides a way to perform domain validation via the TLS layer without the issues discovered with the tls-sni-01/02 methods. This challenge type is available in both the staging and production environments as of July 12, 2018.

For those looking to test clients locally against an ACME server, I’d recommend taking a look at the lightweight pebble server, which already has TLS-ALPN functionality.

We’d also be very interested in people taking a look at the draft specification and providing feedback based on implementation experience. Any feedback on the document itself should be sent to the IETF ACME WG mailing list.


#2

TLS-ALPN challenges are now live in staging. Let us know if you encounter any issues.


#3

TLS-ALPN challenges are now live in production. Let us know if you encounter any issues.

