Timothe Litt
MDChallengeResponseDelay might be better. The validation server starts the challenge, mod_md responds.... The challenge is started - it's the response that's delayed. I don't have a problem with MDCAChallenges -...
Also, the required delay depends on the challenge type. DNS can take time to propagate. tls-alpn and mod_md internal http are instantly available. external http usually is visible when the...
I pushed a document (event_interface_notes.txt) that tried to collect the threads of this conversation.
> Any suggestions?

Provide some details:
- Is this just an observation, or is something not working? If the latter, what exactly?
- Is your DNS split view? Where...
+1 There is no reason to prune the log more often than daily. In the worst case, a user would see one extra day of history. If this bothers you,...
I wouldn't describe `certbot` as a competitor; it's an alternative. `getssl`'s main advantage is that it only requires `bash` (and a few commands); `certbot` requires Python, which in turn has...
The best approach is to add `setgid` to the `.acme-challenge` directory. This will copy the directory's group to the group of files created in it. `httpd` will then access the...
On looking at the code, it also seems that "recent" versions of `getssl` support a brute force approach. Add `TOKEN_USER_ID="www-data:www-data"` to your configuration file for this domain. While it seems...
Large numbers of domains in a single certificate result in large certificates. Although many CAs allow 35 - 250 names/certificate, this isn't good for performance of the service. Let's Encrypt...
> But I think I can actually use http-01 for those particular certs, though it still needs some fiddling - I am working on a loadbalancer appliance here, I...