Stateless and TLS-ALPN-01

[flobernd]

Hi there,

is it possible to use stateless mode with a TLS-ALPN-01 challenge? I tried:

acme.sh --config-home /var/lib/acme --issue -d DOMAIN --stateless --alpn --keylength ec-256

But it seems like HTTP-01 is used:

Error, can not get domain token "type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/<redacted>","status":"invalid","error":{

Am I'm doing it wrong or does acme.sh currently not support that scenario?

[github-actions]

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

[flobernd]

I'm using the latest version and the relevant log line is already included in my issue comment.

[jueduizone]

you can try to use Let's encrypt CA, run the command:
acme.sh --set-default-ca --server letsencrypt

[flobernd]

@jueduizone Thanks for your reply, but I don't see how this would help me unless LE would be using 'stateless' and 'http-alpn-01' by default. Is that the case?

I would like to handle both, challenge- and application-traffic, on port 443, if possible. In addition, stateless mode is a hard requirement for my usecase.

[Neilpang]

does acme.sh currently not support that scenario?

No.

[flobernd]

@Neilpang Thanks for answering. Are there any plans to implement this functionality in the future and/or would you accept a PR for that?

[Neilpang]

how about this:
https://github.com/acmesh-official/acme.sh/wiki/TLS-ALPN-without-downtime