publishlab / node-acme-client

Simple and unopinionated ACME client for Node.js
MIT License

verifyChallenge should ignore bad certificates when following redirects #65

Closed dweitzman-codaio closed 9 months ago

dweitzman-codaio commented 2 years ago

From https://letsencrypt.org/docs/challenge-types/:

> Our implementation of the HTTP-01 challenge follows redirects, up to 10 redirects deep. It only accepts redirects to “http:” or “https:”, and only to ports 80 or 443. It does not accept redirects to IP addresses. When redirected to an HTTPS URL, it does not validate certificates (since this challenge is intended to bootstrap valid certificates, it may encounter self-signed or expired certificates along the way).

I haven't tested this, but I think the code to change would be https://github.com/publishlab/node-acme-client/blob/4335c1e9dd5cd23c8001d486b05bcae847b32783/src/verify.js#L28

Current code:

```js
const resp = await axios.get(challengeUrl);
```

Modified code:

```js
const https = require('https');

// Accept self-signed or expired certificates on the redirect target, as Let's Encrypt does.
const resp = await axios.get(challengeUrl, {
    httpsAgent: new https.Agent({ rejectUnauthorized: false })
});
```