holulu's recent timeline updates holulu's recent timeline updates |
holuluV2EX member #106558, joined on 2015-03-21 17:25:21 +08:00 |
| Let's Encrypt 终于发布 Wildcard 证书了
1 SSL • holulu • Jul 27, 2023 • Lastly replied by ahjdzx
|
11 |
| 突然发现 CloudXNS 支持 CAA 记录了 DNS • holulu • Sep 14, 2017 • Lastly replied by natforum | 8 |
| 阿里云申请的免费 Symantec 能签发 ECC 吗? SSL • holulu • Mar 17, 2017 • Lastly replied by namebus | 4 |
| ebay 运送方式的区别? 问与答 • holulu • Aug 10, 2016 • Lastly replied by ecoart | 3 |
| 升级到 OSX 10.11 后,使用 Homebrew 安装的库,编译时找不到 .h 文件 macOS • holulu • Oct 3, 2015 • Lastly replied by holulu | 9 |
| OSX Display Menu 调出来的分辨率重启之后又变成原来的了 Apple • holulu • Sep 4, 2015 |
| Mac mini 用 mini dp 连 2K 显示器怎么没有 1080p 分辨率? Mac mini • holulu • Jan 4, 2018 • Lastly replied by giganet | 10 |
| OSX 10.10.4 第三方 SSD 强开 TRIM 导致数据丢失的有遇到过吗? Apple • holulu • Jul 13, 2015 • Lastly replied by lightening | 10 |
| 本地没有苹果商店,如何保修? Apple • holulu • May 24, 2015 • Lastly replied by Daniel0829 | 7 |
| 有人买过 manning.com 的书吗?怎么 Paypal 老付不了款? 问与答 • holulu • May 10, 2015 |
holulu's recent replies
Feb 4 Replied to a topic by wshhfy › Claude Code › Claude5 要来了...真的感到太快了 |
AI 生成再快,在严肃场景里还是得人来确认吧,不然上线出问题还是得自己担。如果不是严肃场景就随便吧。
Feb 4 Replied to a topic by Alliot › 宽带症候群 › 你的电视可能让你变成了 PCDN 用户 |
不联网就用不了的电视都不考虑
Jan 26 Replied to a topic by godall › 程序员 › 各位码农们,调查一下大家 AI 编程代码量占比 |
这个月到第五档了。
Jan 26 Replied to a topic by jianglibo › 程序员 › 有多少人正真知道 amce challenge 的区别? |
服务器不影应 TLS-ALPN-01 ,只返回 HTTP-01 的 challenge 就是外行???你那么内行为啥还要问这个问题?显得自己很内行?
Jan 26 Replied to a topic by jianglibo › 程序员 › 有多少人正真知道 amce challenge 的区别? |
ACME HTTP-01 if server redirect to 443
Thinking
Searching
Yes,
ACME HTTP-01 challenges support redirects from port 80 to port 443 (HTTPS). This is a standard practice that allows you to maintain a secure-by-default configuration while still automating certificate renewals.
Key Rules for Redirects
Initial Request: The validation server (e.g., Let's Encrypt) must always start its request on port 80 using HTTP. You cannot skip port 80 and start on 443 for an HTTP-01 challenge.
Supported Ports: The challenge follows redirects only to port 80 or 443. Redirecting to a custom port like 8443 or 10000 will cause the challenge to fail.
Redirect Depth: Most ACME implementations, including Let’s Encrypt, will follow up to 10 redirects deep.
Certificate Validation: When the challenge is redirected to HTTPS (port 443), the CA does not validate the target's SSL certificate. This allows the challenge to succeed even if your current certificate is expired, self-signed, or missing.
Thinking
Searching
Yes,
ACME HTTP-01 challenges support redirects from port 80 to port 443 (HTTPS). This is a standard practice that allows you to maintain a secure-by-default configuration while still automating certificate renewals.
Key Rules for Redirects
Initial Request: The validation server (e.g., Let's Encrypt) must always start its request on port 80 using HTTP. You cannot skip port 80 and start on 443 for an HTTP-01 challenge.
Supported Ports: The challenge follows redirects only to port 80 or 443. Redirecting to a custom port like 8443 or 10000 will cause the challenge to fail.
Redirect Depth: Most ACME implementations, including Let’s Encrypt, will follow up to 10 redirects deep.
Certificate Validation: When the challenge is redirected to HTTPS (port 443), the CA does not validate the target's SSL certificate. This allows the challenge to succeed even if your current certificate is expired, self-signed, or missing.
Jan 26 Replied to a topic by jianglibo › 程序员 › 有多少人正真知道 amce challenge 的区别? |
@jianglibo 不是这样是怎么样?麻烦回一下?如果你的服务器在访问 80 时重定向到 443 ,ACEM 应该怎么反应?
Jan 26 Replied to a topic by jianglibo › 程序员 › 有多少人正真知道 amce challenge 的区别? |
@jianglibo acme 只会访问 80 端口,如果你的服务器跳转 443 ,acme 应该会 follow ,并且忽略证书验证,只检查 http body 里的 challenge token
Jan 26 Replied to a topic by jianglibo › 程序员 › 有多少人正真知道 amce challenge 的区别? |
http 服务器在 http://<YOUR_DOMAIN>/.well-known/acme-challenge 路径返回 challenge token 。
上年 11 月中开始满街都能看到移动 29 元 200G+100 分钟,上个月去搞了一张。昨天看到广告还在。
Jan 4 Replied to a topic by Essaim › 宽带症候群 › 想办理一个移动的流量卡,有没有流量稍微多点的长期套餐呢 |
也是广电限速。上个月线下办了 29 元 200g+100 分钟的套餐,2 年期
Select Language