Timothe Litt
I noticed that https://github.com/curl/curl/pull/8986 should be coordinated with this, to resolve the discussion about falling back to insecure cleartext auth. E.g. if SAFE_AUTH is set, fallback should require TLS.
I agree that there should be a mechanism that disables cleartext authentication. It should be a policy statement for the handle. Protocols that are implicitly secure should ignore the flag. Protocols...
While it is legal to use '*' in filenames on Unix (and VMS and many others), it's never a good idea. Someone always goes to delete the file without the proper...
The validator is doing the right thing. Otherwise you'd run into a number of timing issues with caches... That sounds like a bug with either the DNS service or the...
I'm saying that LE's validator is doing the right thing. I agree with you that `mod_md` should not be trying to create (or read) a file name containing `*`. Who...
Also - whether the wildcard is primary or only in the SAN list, LE will still need to validate two TXT records for it. So I suspect that while you're...
That's a very strange service - it doesn't conform to the DNS RFCs. Note that they do say >This can be used for example to prove your ownership with letsencrypt.org...
Yes, I realized that the external http-01 events are almost the same as the Dns-01 case when I woke up! I'll give this some more thought when I'm even more...
I pushed a commit with a VERY preliminary and rough version of md_events and some supporting files (for dns-01). Read the commit comment for details. This is not production ready...
I noticed one related issue in dns-01 handling. Often, it can take some time for a challenge to become visible to the validation servers. This may be due to negative...