Skip to content

ACME domain challenge

DevOpsACCELERATE supports HTTP domain validation methods for verifying that the user has authorized access to the requested domains. This means that DevOpsACCELERATE will generate a challenge and return it to the ACME client user and subsequently verify the challenge using HTTP (http-01) as indicated by the user in the request.

If a requested certificate has a Common Name (or DNS SAN) of www.vfidev.com, the HTTP domain validation would consist of an HTTP GET request for https://www.vfidev.com/.well-known/acme-challenge/<acme token> and is expected to return HTTP 200 OK where the and are the challenges our ACME server sent back to the requesting ACME client (e.g. certbot).

See https://tools.ietf.org/html/draft-ietf-acme-acme-06#section-8.2 for more information.

  • In order for HTTP validation to be successful, the domain of the certificate request must match the domain to which the web server resolves.

  • A certificate is only issued if HTTP validation is successful for at least one of the domains specified in the request. If any domains fail validation, the ACME server will respond with an error and those domains are excluded from the certificate that is issued.