Diffstat (limited to 'docs/reference/plugins/validation/tls-alpn')
-rw-r--r-- | docs/reference/plugins/validation/tls-alpn/index.md | 18 |
-rw-r--r-- | docs/reference/plugins/validation/tls-alpn/selfhosting.md | 19 |
2 files changed, 0 insertions, 37 deletions
diff --git a/docs/reference/plugins/validation/tls-alpn/index.md b/docs/reference/plugins/validation/tls-alpn/index.md deleted file mode 100644 index d1b6aa9..0000000 --- a/docs/reference/plugins/validation/tls-alpn/index.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -sidebar: reference ---- - -# TLS-ALPN validation -TLS-ALPN validation works as follows: -- For each domain (e.g. `sub.example.com`), the ACME server sends a -challenge consisting of an `x` and `y` value. The truth is actually a little -more complicated than that, but for the sake of this explanation it will suffice. -- The client has to make sure that when the ACME server sets up a TLS connection -to `sub.example.com`, a specifically crafted negotiation response with a -self-signed certificate containing the `y` value as extension is presented. -- The validation request is *always* made to port 443, that cannot be changed. -- There may be more than one validation connection for the same token, e.g. -for different IP addresses (in case of multiple A/AAAA records). -- Let's Encrypt does **not** disclose the source locations of these requests, which -effectively means that the domain has to be accessible for the public, -at least for the duration of the validation.
\ No newline at end of file diff --git a/docs/reference/plugins/validation/tls-alpn/selfhosting.md b/docs/reference/plugins/validation/tls-alpn/selfhosting.md deleted file mode 100644 index 836c591..0000000 --- a/docs/reference/plugins/validation/tls-alpn/selfhosting.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -sidebar: reference ---- - -# Self-hosting -This plugin launches a temporary built-in TCP listener that stores the -validation response in memory. There for share port 80 with IIS and -other (Microsoft) software so this doesn't interfere with regular traffic. -Not all software supports this port sharing feature though. If you get errors -telling you that the listener cannot be started, please look for another -validation method. - -## Non-default port -Even though Let's Encrypt will always try to open the validation connection -on port 443, you may internally NAT that to another port. Using the -`--validationport` switch you can tell the plugin to listen to a specific port. - -## Unattended -`--validationmode tls-alpn-01 --validation selfhosting [--validationport 4330]`
\ No newline at end of file |
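Review bot: in the removed index.md, the bullets saying the validation request is "*always* made to port 443" and that Let's Encrypt does not disclose the source locations of these requests are the constraints an administrator needs when writing firewall rules for tls-alpn-01. The diffstat for this directory shows 37 deletions and no insertions, so please confirm that this text is carried over to wherever the validation mode is now documented, or state in the commit message that the mode itself is being dropped.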
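Review bot: in the removed selfhosting.md, the sentence "There for share port 80 with IIS" contradicts index.md, which says validation is always made to port 443, and the sentence is grammatically broken. If this page is being relocated rather than dropped, correct the port and the wording in the new copy, and keep the "Non-default port" section with it, since in this diff it is the only text that explains using `--validationport` to listen on a NATed port.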