Why a half ACME client?
Why a half ACME client?
Posted Aug 15, 2025 15:02 UTC (Fri) by ttuttle (subscriber, #51118)In reply to: Why a half ACME client? by witurnpled
Parent article: NGINX adds native support for ACME protocol
Who decides which challenge is used -- the CA or the user? That is, what's wrong with implementing only one challenge, if it's functional?
Posted Aug 15, 2025 15:13 UTC (Fri)
by farnz (subscriber, #17727)
[Link]
Both CA and user decide what challenge to use; the CA offers support for various challenge types (with differing certificate issuance rules for each type - for example, a wildcard cert from LetsEncrypt needs a DNS challenge), the user selects one to use.
Why a half ACME client?