-
Magnus Andriy Mahats Is it possible to implement HTTP-01 challenge of Buypass to follow HTTP to HTTPS redirect to validate at least on the same domain (e.g. Redirect http://example.com to https://example.com to complete validation should be valid) ?
Today most SLL enable website HTTPS redirection on their own domain.
RFC8555 also permit to follow redirect: https://tools.ietf.org/html/rfc8555#section-8.3
Let's Encrypt implements this follow redirect mechanism since 2018 or before: https://community.letsencrypt.org/t/i-must-turn-off-https-redirect-to-renew/70415/4
-
Hi chin
We plan to implement following of redirects.
However, the ETA of it is unknown.
Regards,
Andriy
-
Hi chin
We added support for following of redirects during the http challenge validation.
It is now available in production and test environments.
Regards,
Andriy
-
-
Hi Buypass,
Thanks for the new release to support 5 FQDNs now.
I do notice that domains in puny code is not supported.
I was getting below response when I was trying to get a certificate in puny code.
Array (
[type] => urn:ietf:params:acme:error:rejectedIdentifier
[detail] => Domain is rejected as high-risk [code] => 403
[message] => REJECTED_IDENTIFIER
[details] => HTTP 403 Forbidden
)
May I ask if you have any plan to allow certificates in puny code? I know there aren't too many people using utf-8 domains, it will still be nice for you to support it.
Thank you.
-
Hi fomm
While we recognize that international domain names serve an important purpose, we are more concerned about their possible utilization in phishing attacks.
We do support punycode, but only for western European characters.
Regards,
Andriy
-
-
Please add support for issuing S/MIME certificates using the RFC 8823 extension for ACME and EMAIL-01 validation.
-
Hi Venu Kakarla
Thank you for your proposal.
We do not currently issue S/MIME certificates, but if we should decide to do so, we will consider this.
Regards
Mads
-
I have a couple of requests:
1) Respect the 'Must Staple' extensions for the certificate. I believe at the moment, the certificate is issued, but without stapling enabled - ie the option is silently ignored.
2) Add support for secp384r1 keys
-
Steven Haigh Thank you for the request. We will consider adding support for the topics in your request and will come back with more information later.
-
mkon Thanks for the reply!
I believe at the moment it is not possible to validate IPv6 only hosts. Is this on the roadmap at all?
-
Steven Haigh Yes, but i have no timeframe right now.
-