What RFC validation method is webroot using?


#1

I am using client acme.sh which has a webroot method, but I don’t see that described in the governing RFC. Thus it must be using one of the listed methods under the hood or else the RFC listed is out of date (or I am misunderstanding the whole process). Can anyone clarify the situation for me?

Thanks.


#2

If I understand your question correctly - acme.sh is using the http challenge for the webroot - see https://tools.ietf.org/html/draft-ietf-acme-acme-04#section-7.2
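What webroot mode amounts to under the HTTP challenge, as an added sketch that is not part of the thread and not acme.sh's own code: the client writes the key authorization into the served directory, and the CA fetches it over plain HTTP on port 80. The function names, the account key and the token below are constructed for illustration.

```python
import base64
import hashlib
import json
import re
import tempfile
from pathlib import Path

# Tokens use only the base64url alphabet; enforcing that keeps a hostile
# token from escaping the challenge directory (e.g. "../../index.html").
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: hash only the required members, sorted, with no whitespace.
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def provision_webroot(webroot: str, token: str, account_jwk: dict) -> Path:
    """Write token.thumbprint where the web server will serve it."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token contains characters outside base64url")
    key_auth = f"{token}.{jwk_thumbprint(account_jwk)}"
    challenge_dir = Path(webroot) / ".well-known" / "acme-challenge"
    challenge_dir.mkdir(parents=True, exist_ok=True)
    path = challenge_dir / token
    path.write_text(key_auth, encoding="ascii")
    return path

def validation_url(domain: str, token: str) -> str:
    # The CA starts validation over plain HTTP on port 80, so a host that
    # refuses HTTP outright cannot complete this challenge type.
    return f"http://{domain}/.well-known/acme-challenge/{token}"

# Constructed sample values, not a real account key or CA-issued token.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": b64url(b"constructed-demo-modulus")}
SAMPLE_TOKEN = "constructedToken_0123-abc"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        written = provision_webroot(root, SAMPLE_TOKEN, SAMPLE_JWK)
        print(written.relative_to(root), "->", written.read_text())
        print("CA fetches:", validation_url("example.com", SAMPLE_TOKEN))
```
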


#3

Hm, I thought so. Here is the problem: I have a single, active server serving 16 vhosts. The site is set so no http traffic is allowed. I can get the certs initially generated with the standalone method with acme.sh so I can manually get my sites started. However, how can I then get auto updating afterwards? I assume I need a client with tls validation capability, yes?


#4

You could continue to use the “standalone” which works on port 80. Alternatively you could use the tls-01 challenge. Personally I’d have thought the DNS-01 challenge may work better.

