acme port config option, explain why using an https reverse proxy will not work for acme tls-alpn-01 verification

related to #218 by mgkirs
Mechiel Lukkien
2024-10-03 21:16:19 +02:00
parent 7ecc3f68ce
commit 7d3f307156
2 changed files with 6 additions and 3 deletions

@ -113,8 +113,11 @@ See https://pkg.go.dev/github.com/mjl-/sconf for details.
# TLS port for ACME validation, 443 by default. You should only override this if
# you cannot listen on port 443 directly. ACME will make requests to port 443, so
# you'll have to add an external mechanism to get the connection here, e.g. by
# configuring port forwarding. (optional)
# you'll have to add an external mechanism to get the tls connection here, e.g. by
# configuring firewall-level port forwarding. Validation over the https port uses
# tls-alpn-01 with application-layer protocol negotiation, which essentially means
# the original tls connection must make it here unmodified, an https reverse proxy
# will not work. (optional)
Port: 0
# If set, used for suggested CAA DNS records, for restricting TLS certificate
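Review bot: In the added comment lines, "an https reverse proxy will not work" is broader than the reason given just before it, that "the original tls connection must make it here unmodified". What breaks tls-alpn-01 is a proxy that terminates TLS; forwarding that passes the connection through untouched, like the "firewall-level port forwarding" recommended in the preceding sentence, still satisfies the stated requirement. Suggest wording such as "a reverse proxy that terminates TLS will not work", splitting the comma splice at "unmodified, an https reverse proxy" into two sentences, and writing "TLS" in capitals to match "TLS port for ACME validation" at the top of the same comment.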