Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] TLS ALPN ACME Lets Encrypt challange 
Hi,

On Wed, Nov 30, 2022 at 9:18 AM Info <info@xxxxxxxxxx> wrote:
>
> Hi,
>
> I am swimming in all directions as well. I get the ALPN TSL extension
> for switching the protocol and it is working. So, do I need to create a
> connection factory and connection for the ACME protocol similar to HTTP2?

I don't think so.

If I read https://www.rfc-editor.org/rfc/rfc8737 correctly, your
server must reply with a proper certificate with the "acmeIdentifier"
to a connection with the ALPN protocol of "acme-tls/1".
Once the TLS handshake is successful, the connection can be closed, no
data is exchanged, hence no ConnectionFactory to implement.

> And where do I manage to create a ACME session for communicating with
> the certificate provider lets encrypt, within a Jetty handler using the
> above connection? Or more down the chain in a servlet or the like?

This is the job of an ACME client, whatever you choose, not your job.

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.

Back to the top