I am using client acme.sh which has a webroot method, but I don’t see that described in the governing RFC. Thus it must be using one of the listed methods under the hood or else the RFC listed is out of date (or I am misunderstanding the whole process). Can anyone clarify the situation for me?
Hm, I thought so. Here is the problem: I have a single, active server serving 16 vhosts. The site is set so no http traffic is allowed. I can get the certs initially generated with the standalone method with acme.sh so I can manually get my sites started. However, how can I then get auto updating afterwards? I assume I need a client with tls validation capability, yes?
You could continue to use the “standalone” which works on port 80. Alternatively you could use the tls-01 challenge. Personally I’d have thought the DNS-01 challenge may work better.
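An added example, not part of the thread and not acme.sh's own code: a webroot-style client is performing the http-01 challenge from RFC 8555 by writing a file into the served document root, and dns-01 publishes a digest of the same key authorization as a TXT record. The function names and the sample key and token below are constructed for illustration.

```python
import base64, hashlib, json, os, re

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """Shared by every challenge type: token '.' account-key thumbprint."""
    # Tokens are base64url; refusing anything else keeps a malformed token
    # from being used as a path outside the challenge directory.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        raise ValueError("token is not base64url")
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def provision_http01(webroot: str, token: str, account_jwk: dict) -> str:
    """Webroot style: drop a file for the existing web server to serve.
    The CA fetches it over plain HTTP on port 80."""
    body = key_authorization(token, account_jwk)
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    path = os.path.join(challenge_dir, token)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(body)
    return path

def dns01_record(domain: str, token: str, account_jwk: dict) -> tuple:
    """dns-01 needs no inbound HTTP: publish a TXT record instead."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii"))
    base = domain[2:] if domain.startswith("*.") else domain  # wildcard names
    return "_acme-challenge." + base, b64url(digest.digest())

if __name__ == "__main__":
    import tempfile
    # Constructed sample values: not a real account key or CA token.
    jwk = {"kty": "EC", "crv": "P-256", "x": "c2FtcGxlLXg", "y": "c2FtcGxlLXk"}
    token = "constructed-token_123"
    with tempfile.TemporaryDirectory() as root:
        print(provision_http01(root, token, jwk))
    print(dns01_record("www.example.com", token, jwk))
```

On a server that refuses all plain HTTP, the file written by `provision_http01` is never reachable by the CA, while the record from `dns01_record` is validated entirely through DNS.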