Ping a Specific Port

Question

markson edwardson

Asked: 2021-04-24 21:30:52 +0800 CST2021-04-24 21:30:52 +0800 CST 2021-04-24 21:30:52 +0800 CST

Is .well-known/acme-challenge ever needed after the initial domain fingerprintng?

772

I understand the initial challenge-response pattern when using Let's Encrypt, but I noticed that when testing renewals, no GET requests were hitting .well-known/acme-challenge.

Once the domain/account keys are setup, does renewal ever have to touch .well-known? Can my account/domain keys ever expire and have to be refreshed?

My app requires specific mounts to serve that directory and if possible I would like to avoid the configuration overhead if it won't ever be used anyway. I can use a slimmer setup for the initial domain verification.

1 Answers

Voted

d.c. · Answer 1 · 2021-04-25T02:09:36+08:00

Best Answer

d.c.

2021-04-25T02:09:36+08:002021-04-25T02:09:36+08:00

The renew process does use .well-known directory. At least at my case I have two different IPs making GET .well-known/security.txt during renewal.

But it is not used afterwards - between renewals, so it would be enough to prepare it just before your renewal scripts runs.

We do it the other way round: .well-known URI location is aliased to a system management directory outside the web document root. The alias is switched on via our custom acme-renewal script.

1

Is .well-known/acme-challenge ever needed after the initial domain fingerprintng?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?