Stefan Eissing

I am willing to take in a PR that achieves this reliably.

I see no reason why mod_md would not work for you. The fact that you reverse proxy sites should not matter, which is why there is not description in the...

Oh, did not even know that was a thing. Is this in the base server or in virtual hosts contexts? Would a ServerAlias with just the DNS name help as...

Thanks. I read httpd's code here: * ServerName supports setting the scheme. If you set `https://${vhost}`, it correctly splits this into internal vars `server_scheme` and `server_hostname`. The latter is used...

Maybe this needs to be added to the README, but let's clarify here first. The motivation for this discussion seems to be: "What happens when Lets Encrypt stops working (for...

This would not only affect the fallback on a new site, but especially the behaviour when a cert has expired, correct? This would only be possible on a server reload,...

Just an idea: if you have your internal "CA" anyway, why not give it an ACME server (pebble is quite uncomplicated) and configure that server as fallback for mod_md? That...

> Ignoring HSTS (and just so I can suggest better docs), is there a way to configure mod_md to treat a site using the fallback cert as a valid site,...

> Okay, so: > > * The "fallback" (as named by the code) cert really is generated by apache on the first invocation of mod_md for a given domain, and...

@dorrogeray thanks for the traces. I believe what you see here is the different between packets arriving at TCP level (and visible in your pcap) and curl actually **reading** the...