path: root/docs/reference/plugins/validation/http/index.md
blob: 41a4f3d09272da4a369956fd915c3554df3777cb (plain)
---
sidebar: reference
---

# HTTP validation
HTTP validation works as follows:
- For each domain, e.g. `sub.example.com`, the ACME server provides a 
challenge consisting of an `x` and `y` value (it's a little more complicated than that, 
but for the sake of this explanation it will suffice).
- The client has to make sure that when the ACME server makes a request 
to `http://sub.example.com/.well-known/acme-challenge/x`, the answer will be exactly `y`.
- The validation request is *always* made to port 80; that cannot be changed.
- Let's Encrypt **does** follow 301/302 redirects.
- There may be more than one validation request for the same token, e.g. from 
different locations or different protocols (IPv4/IPv6).
- Let's Encrypt does **not** disclose the source locations of these requests, which 
effectively means that the domain has to be accessible to the public, 
at least for the duration of the validation.
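
The steps above can be rehearsed locally before a real validation. The following is an added example, not code from this project: a stand-in web server answers the challenge path and a pre-flight check fetches it the way a validator would, following a 301 and requiring the body to be exactly `y`. The token, the expected value, the `/old` redirect path and the ephemeral port on 127.0.0.1 (in place of port 80) are all constructed for the demonstration.

```python
import http.server
import threading
import urllib.request

# Constructed sample challenge: TOKEN plays the role of x, EXPECTED of y.
TOKEN = "sample-token-x"
EXPECTED = "sample-token-x.sample-thumbprint-y"
PREFIX = "/.well-known/acme-challenge/"

class ChallengeHandler(http.server.BaseHTTPRequestHandler):
    """Stand-in for the web server that must answer the validation request."""
    def do_GET(self):
        if self.path == PREFIX + TOKEN:
            body = EXPECTED.encode()
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        elif self.path == "/old" + PREFIX + TOKEN:
            # Hypothetical legacy path that redirects to the real location.
            self.send_response(301)
            self.send_header("Location", PREFIX + TOKEN)
            self.end_headers()
        else:
            self.send_error(404)

    def log_message(self, *args):
        pass  # suppress per-request logging

def preflight(base_url, token, expected):
    """Return True only if the challenge URL answers with exactly `expected`."""
    try:
        with urllib.request.urlopen(base_url + PREFIX + token, timeout=5) as resp:
            return resp.status == 200 and resp.read().decode() == expected
    except OSError:  # unreachable host, 404 and other HTTP errors
        return False

def run_demo():
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), ChallengeHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    cases = [(base, TOKEN), (base + "/old", TOKEN), (base, "unknown-token")]
    try:
        return [preflight(b, t, EXPECTED) for b, t in cases]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

A local check like this only confirms the path and content; it says nothing about whether port 80 is reachable from the public internet, which the real validation also requires.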