ndilieto / uacme

ACMEv2 client written in plain C with minimal dependencies
GNU General Public License v3.0

Helper action for "stateless" http-01 mode, thumbprint (Issue #17) #71

Closed by pawlakus 1 year ago

pawlakus commented 1 year ago

Adding simple action for printing JWK Thumbprint. Using it to configure http-01 stateless mode.

Addressing Issue #17

See acme.sh Stateless Mode

ndilieto commented 1 year ago

According to https://www.rfc-editor.org/rfc/rfc8555#section-8.3

"Note that because the token appears both in the request sent by the ACME server and in the key authorization in the response, it is possible to build clients that copy the token from request to response. Clients should avoid this behavior because it can lead to cross-site scripting vulnerabilities; instead, clients should be explicitly configured on a per-challenge basis."

Therefore I will not add any feature facilitating such behaviour.
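
Added example, not part of the thread and not uacme code: a minimal sketch of the per-challenge configuration that the quoted RFC 8555 passage recommends, where the http-01 response body is looked up in an explicitly installed table and never built from the request. The names `struct challenge`, `configured` and `http01_response` are hypothetical, and the token and thumbprint values are constructed placeholders.

```c
#include <stddef.h>
#include <string.h>

/* One entry per pending challenge, installed explicitly by the ACME client
 * (for example from a hook) and removed once validation has finished. */
struct challenge {
    const char *token;    /* token issued by the ACME server */
    const char *key_auth; /* token "." base64url(JWK thumbprint), RFC 8555 8.1 */
};

/* Constructed sample entry; the thumbprint part is a placeholder. */
static const struct challenge configured[] = {
    { "constructed-token-AAAA_1234",
      "constructed-token-AAAA_1234.PLACEHOLDER_THUMBPRINT" },
};

#define PREFIX "/.well-known/acme-challenge/"

/* RFC 8555 tokens contain only base64url characters, without padding. */
static int token_is_base64url(const char *t)
{
    if (*t == '\0')
        return 0;
    for (; *t; t++) {
        if (!((*t >= 'A' && *t <= 'Z') || (*t >= 'a' && *t <= 'z') ||
              (*t >= '0' && *t <= '9') || *t == '-' || *t == '_'))
            return 0;
    }
    return 1;
}

/* Returns the body to serve for `path`, or NULL (answer 404). The body
 * always comes from the configured table, never from the request. */
const char *http01_response(const char *path)
{
    size_t i, plen = strlen(PREFIX);
    const char *token;

    if (strncmp(path, PREFIX, plen) != 0)
        return NULL;
    token = path + plen;
    if (!token_is_base64url(token))
        return NULL;
    for (i = 0; i < sizeof configured / sizeof configured[0]; i++)
        if (strcmp(token, configured[i].token) == 0)
            return configured[i].key_auth;
    return NULL;
}
```

A well-formed token that was never configured gets no response body, which is the difference from a stateless setup that answers for any token it is asked about.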