Which client supports the tls-alpn challenge?


#1

I want to use the client in asuswrt merlin, just because port 80 has been blocked by the ISP.

I can use acme.sh, but it seemed that this client doesn’t support tls-alpn.
Any suggestions?

Thanks a lot for the help!


#2

Related: So how are we bringing TLS-ALPN to the masses?

TLS-SNI is not likely to be something that individual users will be using, at least not for a while.

These seem to support TLS-ALPN-01 (updated 2019-01-18):


#3

I see, thanks a lot.
Then can I renew a certification by some client through port 443?


#4

(2018-11-19: moved client list to first post)

Another solution would be a DNS challenge


#5

Two other ACME clients I know have TLS-ALPN-01 support:


#6

Thanks for replies, I’ll try them.


#7

#8

Net::ACME2 supports it as well.


#9

I use lego to get right certifications


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.


#11

#12

(I reopened the subject so answers can be posted to ask to update the list)


#13

@tdelmas Apache mod_md has added experimental support for TLS-ALPN-01 in the v1.99.0 release: https://github.com/icing/mod_md/releases/tag/v1.99.0


#14

You need a patched mod_ssl

Hope to see this upstreamed! Very exciting, we might be able to get back to ease-of-use of the TLS-SNI days.