This is an alternative to TLS-SNI challenge types.
Not sure when and how it'll be accessible on Let's Encrypt, but posting this here to keep an eye on the progress.
Draft: https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-01
Boulder impl: https://github.com/letsencrypt/boulder/pull/3654
/cc @bradfitz
Folks interested in working on support for this challenge type in x/crypto/acme can get a head start by targeting Pebble instead of Boulder. We'll be reviewing letsencrypt/boulder#3654 in the near future but Pebble's support for TLS-ALPN-01 challenges is already merged and available: https://github.com/letsencrypt/pebble/pull/112
@cpu will this feature be available on Let's Encrypt in v1 or only in v2? Or you don't know yet...
@x1ddos I don't think it has been discussed yet.
btw, I think it was discussed yet and I heard from Roland that it would likely be available in both.
I'll start working on this.
Thanks! Take a look at certificate generation at [0], I think not much more should be needed in x/crypto/acme itself, other than wiring
[0] https://github.com/mdebski/golang-alpn-example/blob/master/alpnexample.go#L50
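As an added example (not code from this thread, from the linked repository, or from x/crypto/acme), the certificate generation mentioned above can be sketched together with the checks a validator applies to the served certificate. The extension OID is the one assigned in RFC 8737, which is an assumption here since the thread only links the earlier draft; the function names, domain and key authorization string are hypothetical, constructed values.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var acmeIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31} // assumed: OID from RFC 8737

// ChallengeCert builds the self-signed certificate a responder serves for tls-alpn-01.
func ChallengeCert(domain, keyAuth string) (der []byte, key *ecdsa.PrivateKey, err error) {
	digest := sha256.Sum256([]byte(keyAuth))
	value, _ := asn1.Marshal(digest[:]) // DER OCTET STRING; cannot fail for a byte slice
	if key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{domain}, // exactly one SAN
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: acmeIdentifier, Critical: true, Value: value}},
	}
	der, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return der, key, err
}

// ChallengeDigest applies the validator-side checks and returns the embedded digest.
func ChallengeDigest(der []byte, domain string) (d []byte, err error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil || len(cert.DNSNames) != 1 || cert.DNSNames[0] != domain {
		return nil, fmt.Errorf("parse error (%v) or SAN is not exactly %q", err, domain)
	}
	for _, ext := range cert.Extensions {
		if rest, err := asn1.Unmarshal(ext.Value, &d); ext.Id.Equal(acmeIdentifier) && ext.Critical && err == nil && len(rest) == 0 && len(d) == sha256.Size {
			return d, nil
		}
	}
	return nil, fmt.Errorf("no critical acmeIdentifier extension with a 32-byte digest")
}

func main() {
	der, _, _ := ChallengeCert("example.org", "constructed-token.constructed-thumbprint") // constructed sample values
	fmt.Println(ChallengeDigest(der, "example.org"))
}
```

A responder would return this certificate only for handshakes that negotiate the `acme-tls/1` ALPN protocol, and the validator compares the returned digest with the SHA-256 of the key authorization it expects.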
> btw, I think it was discussed yet and I heard from Roland that it would likely be available in both.
Correct :+1: Thanks for sharing that news here @mdebski
Change https://golang.org/cl/116995 mentions this issue: x/crypto/acme: add support for TLS-ALPN
FYI, Let's Encrypt has enabled tls-alpn-01 in production:
https://community.letsencrypt.org/t/tls-alpn-validation-method/63814
Now that x/crypto/acme supports this, this bug is just still open waiting for x/crypto/acme/autocert support now?
To my understanding, yes.
On Wed, 18 Jul 2018 at 17:48, Brad Fitzpatrick notifications@github.com wrote:
> Now that x/crypto/acme supports this, this bug is just still open waiting for x/crypto/acme/autocert support now?
Ok, will hack on a CL now.
Writing an end-to-end test, so takes a bit longer. Should finish tonight CET.
Change https://golang.org/cl/125495 mentions this issue: acme/autocert: add support for tls-alpn-01