membrane / api-gateway

API gateway for REST, OpenAPI, GraphQL and SOAP written in Java.
https://membrane-api.io
Apache License 2.0
465 stars, 138 forks

TLS-ALPN-01 Challenge support for ACME #788

Open t-burch opened 1 year ago

t-burch commented 1 year ago

None of the big-name ACME implementations support this TLS-based challenge type (NGINX, Certbot, Apache, etc.), so it would be a nice bonus for Membrane as one of the only ACME-capable gateways/reverse proxies with this challenge type.

From Let's Encrypt docs:

This challenge is not suitable for most people. It is best suited to authors of TLS-terminating reverse proxies that want to perform host-based validation like HTTP-01, but want to do it entirely at the TLS layer in order to separate concerns. Right now that mainly means large hosting providers, but mainstream web servers like Apache and Nginx could someday implement this (and Caddy already does).

t-burch commented 1 year ago

TL;DR: it's like the HTTP ACME challenge, but you do it over HTTPS instead, so you don't have to expose an HTTP port.
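As an added illustration of the mechanism the quoted Let's Encrypt text describes, the following is example code written for this page; it is not Membrane's implementation and not part of the issue. It derives the contents a TLS-ALPN-01 responder must present per RFC 8737 (the "acme-tls/1" ALPN id and the critical acmeIdentifier extension holding SHA-256 of the key authorization) and the check the CA performs on what it receives, using only the Python standard library. The JWK, token and domain are constructed sample inputs; `challenge_certificate_profile` is a hypothetical helper that returns the fields a certificate builder would need, since producing the X.509 DER itself is outside the stdlib.

```python
"""TLS-ALPN-01 (RFC 8737) challenge-response pieces. Added example, not Membrane code."""
import base64
import hashlib
import hmac
import json

# ALPN protocol id the CA offers in ClientHello and expects back in ServerHello.
ACME_TLS_ALPN = "acme-tls/1"
# id-pe-acmeIdentifier; RFC 8737 requires the extension to be marked critical.
ACME_IDENTIFIER_OID = "1.3.6.1.5.5.7.1.31"


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME (RFC 8555) uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required public members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.1: token || '.' || base64url(JWK thumbprint)."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def acme_identifier_extension(token: str, jwk: dict) -> bytes:
    """DER value of acmeIdentifier: an OCTET STRING holding SHA-256(keyAuthorization)."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b"\x04\x20" + digest  # tag 0x04 = OCTET STRING, length 0x20 = 32 bytes


def challenge_certificate_profile(domain: str, token: str, jwk: dict) -> dict:
    """Hypothetical helper: what the self-signed challenge cert must contain.

    The responder serves this cert only when the handshake carries SNI=domain
    and ALPN=acme-tls/1; ordinary HTTPS traffic keeps getting the real cert.
    """
    return {
        "sni": domain,
        "alpn": ACME_TLS_ALPN,
        # Exactly one SAN, the dNSName being validated, and nothing else.
        "subjectAltName": [("DNS", domain)],
        "extensions": {
            ACME_IDENTIFIER_OID: {
                "critical": True,
                "value": acme_identifier_extension(token, jwk),
            }
        },
    }


def ca_validates(ext_value: bytes, critical: bool, negotiated_alpn: str,
                 sans: list, domain: str, token: str, jwk: dict) -> bool:
    """The CA-side check after it has completed a handshake with SNI=domain."""
    if negotiated_alpn != ACME_TLS_ALPN:
        return False
    if sans != [("DNS", domain)]:  # one entry, the identifier under validation
        return False
    if not critical or len(ext_value) != 34 or ext_value[:2] != b"\x04\x20":
        return False
    expected = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return hmac.compare_digest(ext_value[2:], expected)


# Constructed sample inputs (not real keys or a real challenge).
SAMPLE_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "WKn-ZIGevcwGIyyrzFoZNBdaq9_TsqzGl96oc0CWuis",
    "y": "y77t-RvAHRKTsSGdIYUfweuOvwrvDD-Q3Hv5J0fSKbE",
    "kid": "ignored-by-thumbprint",
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
SAMPLE_DOMAIN = "example.test"


def demo() -> bool:
    """Round-trip: build the profile the responder serves, run the CA's check on it."""
    profile = challenge_certificate_profile(SAMPLE_DOMAIN, SAMPLE_TOKEN, SAMPLE_JWK)
    ext = profile["extensions"][ACME_IDENTIFIER_OID]
    return ca_validates(ext["value"], ext["critical"], profile["alpn"],
                        profile["subjectAltName"], SAMPLE_DOMAIN, SAMPLE_TOKEN, SAMPLE_JWK)


if __name__ == "__main__":
    print("CA accepts responder's challenge certificate:", demo())
```

The practical point for a TLS-terminating proxy is the routing decision in `challenge_certificate_profile`: the challenge certificate is selected purely on SNI plus the `acme-tls/1` ALPN value, so only the CA's validation handshake ever sees it, and port 443 is the only port that has to be reachable. The certificate is self-signed and carries a critical extension no browser understands, so it is useless for anything except this one handshake.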