Re: [jetty-users] TLS ALPN ACME Let's Encrypt challenge

Hi,

I'm eagerly following this thread because I'd like to do this
Here[TM] as well to get around the limitations that come with
the use of http-01.

On 30.11.2022 at 19:15, Simone Bordet wrote:

> On Wed, Nov 30, 2022 at 9:18 AM Info <info@xxxxxxxxxx> wrote:
>> And where do I manage to create an ACME session for communicating with
>> the certificate provider Let's Encrypt, within a Jetty handler using the
>> above connection? Or more down the chain in a servlet or the like?
>
> This is the job of an ACME client, whatever you choose, not your job.

The client in question is acme4j and the part between the ACME-
server and that client up to the point where the necessary
data is available for the creation of the certificate is done
there. But then you need to make sure that said certificate
is used by the corresponding ALPN processor which is where
Maurice's question was pointed (I suppose because that's my
question at this point after reading the thread). [1]

Your answer "nothing needs to be done" doesn't sound right,
there must be some way to provide that self-signed certificate
at a time after startup of the server (and make it unavailable
after successful authentication at the CA) so at some point you
need to get your hands on an existing processor to "set" the
certificate to be used or create your own implementation of such
a processor in order to be able to do the same.

@Maurice If you get it running, I'd be happy if you could
try to put the necessary steps into a short final description
and put it on this list. I'm sure I'm not the only one who would
find this helpful for their own ACME integration.


Thanks and cheers, Lothar

[1] https://shredzone.org/maven/acme4j/challenge/tls-alpn-01.html

