-
### Typos
#### Section 4.3, paragraph 11
```
- indiciated identifier, there is no need for the server to include the
- -
```
### Grammar/style
#### Section 5, paragraph 23
```…
-
This error message is not clean and needs at least a note describing it and a suggestion on what to do
-
### Post compromise security
This document allows an authorization object to be used in the future
for additional sub/super domain ACME certificates. This does seem
like a new security concern wi…
-
A number of comments and suggestions:
1) APEX domains, and hostnames vs domains
You define APEX but don't then reference this. This is an important topic to cover in considerably more detail,…
-
### Wildcards?
It is unclear to me how DNS wildcards, e.g. "*.nohats.ca", should be handled.
Do they fall within the permissions granted by "subdomainAuthAllowed"?
-
Hello,
I tried to use CAs that support the ACME protocol (other than Let's Encrypt itself), but none of them worked. It might be worth looking at.
I used the list of API endpoints from https://g…
-
### Subject of the issue
**Please note, I am not sure if this is a bug.** It is just unexpected behavior I found after wasting a little of Max Furman's time (sorry about that) troubleshooting #193.…
-
I'm not sure if this is the ideal place to post this, but I just wanted to give people a heads-up that Mozilla's future "Server Side TLS" guidelines will recommend ECDSA certificates for the Intermedi…
-
This is a feature request.
I would like to use a stateless mode as this saves me from configuring a proxy redirect and firewall settings. It also sounds safer to skip opening additional ports if no…
-
It would be great to be able to use Vault as an ACME-based CA which could be used for company-internal certificates.
Here is a link to the ACME specs: https://github.com/ietf-wg-acme/acme/
A pr…