
I control a machine where I can't control DNS or open the HTTP port. Is there a way I could pass a LetsEncrypt challenge when I can only accept connections over HTTPS and/or a few other ports? I found that there's a "Proof of Possession" challenge that could perhaps work for me because I already have a wildcard certificate for the domain, but I can't find any docs on this one... Would it work with my use case?

d33tah
    I would argue that if you cannot control DNS, it is not really your domain (I mean, in pedantic terms :) ). And there should not be a way around it. But I may be wrong. – grochmal Oct 16 '16 at 18:43

1 Answer

There was one, over the HTTPS port (443):

TLS-SNI-01

But for security reasons it's now (mostly) disabled:

https://community.letsencrypt.org/t/important-what-you-need-to-know-about-tls-sni-validation-issues/50811

https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209

TLS-SNI-03 is in progress:

https://datatracker.ietf.org/doc/html/draft-ietf-tls-sni-encryption-03

But it's not yet available.

Tom