Mention multiple challenge requests in the docs

pull/98/head
Richard Körber 2021-03-12 08:37:39 +01:00
parent d0f1966447
commit 63c06b7a49
No known key found for this signature in database
GPG Key ID: AAB9FD19C78AA3E0
3 changed files with 8 additions and 4 deletions


@ -13,4 +13,4 @@ String digest = challenge.getDigest();
The CA expects a TXT record at `_acme-challenge.${domain}` with the `digest` string as value.
The challenge is completed when the CA was able to fetch the TXT record and got the correct `digest` returned.
The validation was successful if the CA was able to fetch the TXT record and got the correct `digest` returned.
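Review bot: The dns-01 page gets only the rewording of the last sentence here and is missing the multiple-request note that the other two hunks add. If the CA may check more than once and from different IPs, the TXT record at `_acme-challenge.${domain}` has to stay published for just as long, so I would add the same sentence about keeping it in place until the `Authorization` status has changed to `VALID` or `INVALID`. Minor: "was successful if the CA was able" reads more naturally in the present tense ("is successful if the CA is able").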


@ -20,7 +20,9 @@ The expected path is (assuming that `${domain}` is the domain to be authorized,
http://${domain}/.well-known/acme-challenge/${token}
```
The challenge is completed when the CA was able to download that file and found `content` in it.
The validation was successful if the CA was able to download that file and found `content` in it.
!!! note
The request is sent to port 80 only, but redirects are followed. If your domain has multiple IP addresses, the CA randomly selects one of them. There is no way to choose a different port or a fixed IP address.
The request is sent to port 80 only, but redirects are followed. If your domain has multiple IP addresses, the CA randomly selects some of them. There is no way to choose a different port or a fixed IP address.
Your server should be able to handle multiple requests to the challenge. The ACME server may check your response multiple times, and from different IPs. Also keep your response available until the `Authorization` status has changed to `VALID` or `INVALID`.
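Review bot: The reworded note says the CA "randomly selects some of them" and the new sentence says checks may come "from different IPs", but neither states the consequence for a multi-address domain: every address the domain resolves to has to serve the `content` file at the `.well-known/acme-challenge/${token}` path, otherwise validation can fail depending on which addresses are picked. I would say that explicitly. Also, "requests to the challenge" is vague; "requests for the challenge file" would match the rest of this page.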


@ -27,4 +27,6 @@ X509Certificate cert = CertificateUtils.
Now use `cert` and `certKeyPair` to let your web server respond to TLS requests containing an ALPN extension with the value `acme-tls/1` and a SNI extension containing your subject (`identifier`).
!!! note
The request is sent to port 443 only. If your domain has multiple IP addresses, the CA randomly selects one of them. There is no way to choose a different port or a fixed IP address.
The request is sent to port 443 only. If your domain has multiple IP addresses, the CA randomly selects some of them. There is no way to choose a different port or a fixed IP address.
Your server should be able to handle multiple requests to the challenge. The ACME server may check your response multiple times, and from different IPs. Also keep your response available until the `Authorization` status has changed to `VALID` or `INVALID`.
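Review bot: The added sentence is copied verbatim from the http-01 page, and "keep your response available" does not map cleanly onto tls-alpn-01, where the response is the TLS handshake answered with `cert` and `certKeyPair`. I would phrase it in those terms, for example that the server must keep answering `acme-tls/1` requests for the `identifier` with the validation certificate until the `Authorization` status has changed to `VALID` or `INVALID`. As with http-01, since the CA "randomly selects some of them", it is worth stating that every address of the domain needs to present that certificate.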