If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)
Issue details
I am trying to use an ACME server that is behind an AWS ELB. The ELB uses cookies to ensure that an HTTP session is routed back to the same ACME server.
Without cookies, Caddy will just be connected by the ELB to random servers.
This results in the ACME server rejecting nonces that were generated by another ACME server.
Why is this needed?
Interfacing correctly with ACME servers behind load balancers.
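The failure described in this issue, reproduced as a self-contained Go program (added example; this is not code from Caddy, step-ca or this issue). Two simulated ACME backends each keep their own nonce pool behind a round-robin "load balancer" that sets a stickiness cookie; the cookie name `AWSALB` and the `X-Demo-Nonce` header (standing in for the nonce that a real ACME client puts in the JWS protected header) are assumptions for illustration. A client with no cookie jar gets a nonce from one backend and spends it on the other, which answers `badNonce`; a client that honours the cookie via `net/http/cookiejar` stays pinned and succeeds.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/http/httptest"
	"sync"
)

// stickyCookie is the name of the session-affinity cookie. AWSALB is used
// here only as an illustrative value; real load balancers vary.
const stickyCookie = "AWSALB"

// backend models one ACME server instance with its own, unshared nonce pool.
type backend struct {
	name   string
	mu     sync.Mutex
	count  int
	nonces map[string]bool
}

func (b *backend) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	switch r.URL.Path {
	case "/acme/new-nonce":
		b.mu.Lock()
		b.count++
		n := fmt.Sprintf("%s-nonce-%d", b.name, b.count) // constructed, not cryptographic
		b.nonces[n] = true
		b.mu.Unlock()
		w.Header().Set("Replay-Nonce", n)
		w.WriteHeader(http.StatusOK)
	case "/acme/new-order":
		n := r.Header.Get("X-Demo-Nonce") // stand-in for the nonce in the JWS protected header
		b.mu.Lock()
		ok := b.nonces[n]
		delete(b.nonces, n) // nonces are single-use
		b.mu.Unlock()
		if !ok {
			http.Error(w, `{"type":"urn:ietf:params:acme:error:badNonce"}`, http.StatusBadRequest)
			return
		}
		w.WriteHeader(http.StatusCreated)
	default:
		http.NotFound(w, r)
	}
}

// stickyLB routes by the affinity cookie when present, otherwise round-robin,
// and sets the cookie so a cooperating client keeps hitting the same backend.
type stickyLB struct {
	backends []*backend
	mu       sync.Mutex
	next     int
}

func (lb *stickyLB) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	idx := -1
	if c, err := r.Cookie(stickyCookie); err == nil {
		fmt.Sscanf(c.Value, "%d", &idx)
	}
	if idx < 0 || idx >= len(lb.backends) {
		lb.mu.Lock()
		idx = lb.next % len(lb.backends)
		lb.next++
		lb.mu.Unlock()
		http.SetCookie(w, &http.Cookie{Name: stickyCookie, Value: fmt.Sprint(idx), Path: "/"})
	}
	lb.backends[idx].ServeHTTP(w, r)
}

// acmeFlow fetches a nonce and then spends it on a new-order request,
// returning the status code of the second request. A nil jar means the
// client discards Set-Cookie and therefore loses session affinity.
func acmeFlow(base string, jar http.CookieJar) (int, error) {
	client := &http.Client{Jar: jar}
	resp, err := client.Get(base + "/acme/new-nonce")
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	nonce := resp.Header.Get("Replay-Nonce")
	req, _ := http.NewRequest(http.MethodPost, base+"/acme/new-order", nil)
	req.Header.Set("X-Demo-Nonce", nonce)
	resp, err = client.Do(req)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// newTestLB starts two backends behind the sticky load balancer.
func newTestLB() *httptest.Server {
	lb := &stickyLB{backends: []*backend{
		{name: "ca-1", nonces: map[string]bool{}},
		{name: "ca-2", nonces: map[string]bool{}},
	}}
	return httptest.NewServer(lb)
}

func main() {
	srv := newTestLB()
	defer srv.Close()
	noJar, _ := acmeFlow(srv.URL, nil)
	jar, _ := cookiejar.New(nil)
	withJar, _ := acmeFlow(srv.URL, jar)
	fmt.Printf("without cookie jar: %d (badNonce)\nwith cookie jar:    %d\n", noJar, withJar)
}
```

The design point for a defender is that nonce replay protection is per CA instance: when the client cannot be pinned, the same misrouting shows up in CA logs as a burst of `badNonce` errors rather than as a configuration problem, so either the load balancer has to carry affinity the client honours or the CA instances have to share a nonce store.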
Hey @arontsang, if I understand correctly, you have multiple step-ca instances (or is it a different ACME server; maybe an ACME server hosted inside a Caddy instance) deployed behind AWS ELB, and Caddy is acting as the client of the ACME server(s)? Because if so, I don't think the fix in #1834 does what you need. That changes the client that is used to verify ACME challenges from the CA viewpoint. Usually that's just a single request, it goes out to the ACME client (in front of the AWS ELB), and it doesn't involve the nonce. So I think the issue is not on the step-ca side.
Hello!