Which client supports the TLS-ALPN challenge?


I want to use the client in asuswrt merlin, just because port 80 has been blocked by ISP.

I can use acme.sh, but it seemed that this client doesn’t support tls-alpn.
Any suggestions?

Thanks a lot for help!


Related: So how are we bringing TLS-ALPN to the masses?

TLS-SNI is not likely to be something that individual users will be using, at least not for a while.

These seem to support TLS-ALPN-01 (updated 2019-01-18):


I see, thanks a lot.
Then can I renew a certification by some client through port 443?


(2018-11-19: moved client list to first post)

Another solution would be a DNS challenge


Two other ACME clients I know have TLS-ALPN-01 support:


Thanks for replies, I’ll try them.



Net::ACME2 supports it as well.


I use lego to get the right certifications


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.



(I reopened the subject so answers can be posted to ask to update the list)


@tdelmas Apache mod_md has added experimental support for TLS-ALPN-01 in the v1.99.0 release: https://github.com/icing/mod_md/releases/tag/v1.99.0


You need a patched mod_ssl

Hope to see this upstreamed! Very exciting, we might be able to get back to ease-of-use of the TLS-SNI days.