Which client support tls-alpn challenge?

i want to use the client in asuswrt merlin, just because port 80 has been blocked by ISP.

i can use acme.sh, but it seemed that this client doesn’t support tls-alpn.
any suggestions?

thanks a lot for help!

Related: So how are we bringing TLS-ALPN to the masses?

TLS-SNI it’s not likely to be something that individual users will be using, at least not for a while.

These seem to support TLS-ALPN-01 (updated 2020-03-13):

Web servers compatible with TLS-ALPN-01:

i see, thanks a lot.
then can i renew a certification by some client through port 443?

(2018-11-19: moved client list to first post)

Another solution would be a DNS challenge

Two other ACME clients I know have TLS-ALPN-01 support:

Thanks for replies, I’ll try them.

Net::ACME2 supports it as well.

i use lego to get right certifications

(I reopened the subject so answers can be posted to ask to update the list)

@tdelmas Apache mod_md has added experimental support for TLS-ALPN-01 in the v1.99.0 release: https://github.com/icing/mod_md/releases/tag/v1.99.0

you need a patched mod_ssl

Hope to see this upstreamed! Very exciting, we might be able to get back to ease-of-use of the TLS-SNI days.

lighttpd 1.4.53 supports TLS-ALPN-01 without the need to shut down the web server to handle TLS-ALPN-01 verification challenges. (lighttpd still needs to be restarted to begin using updated certificates)

https://redmine.lighttpd.net/projects/lighttpd/wiki/HowToSimpleSSL

This post should be rewritten to emphasize that dehydrated supports TLS-ALPN-01 for cert renewals - so that it won’t be misinterpreted to read (as written):
“lighttpd 1.4.53 supports TLS-ALPN-01 …”

dehydrated already have it's own line:

I wanted to emphasis that you can use TLS-ALPN-01 with lighttpd (as you can with apache2). But I'll try reorganize it.

I meant the post just above mine:

Just to add that ualpn should make TLS-ALPN-01 work with any webserver, without downtime.

This is no longer experimental; the branch is now merged to master. Note that the proxying tls-alpn-01 responder is a standalone program and does not necessarily require uacme; it shouldn't be difficult to integrate other ACME clients with it.

Edit: forgot to mention a short tutorial on how to get tls-alpn-01 working