Is FallbackServerName still experimental? about certmagic HOT 3 CLOSED

Ah it was a silly error on my part, I was inadvertently setting the ServerName to "" and breaking the acme-tls/1 challenge when I thought I was setting ServerName to the value of the discovered domain.

I don't need to use FallbackServerName or to check for acme-tls/1, I was unknowingly working around my error 😅

Problem solved!

If you don't know the domain names (or IPs, whatever the SANs are) before starting the server, you need On-Demand TLS (or you have to reload the config once you do know the server name / IP).

As a side note if you're interested - I wasn't aware of this at the time, I only came across it yesterday. I have been calling ManageSync with a single domain off the back of a HTML form submission to achieve something similar. I'm only provisioning a single cert for the user when they first install the application and prefer the UX of a longer form submission vs a longer initial handshake for this particular use case. Good to know it's there though if I need it in future.

from certmagic.

Been a while, but IIRC, even without setting FallbackServerName or using the linked workaround, CertMagic should still at least be able to serve up IP certificates in response to a handshake without a ServerName.

but in my case the IP(s) are unknown.

Do you mean, that you can't tell the server to manage a certificate for an IP address, because you don't know the IP address?

If you don't know the domain names (or IPs, whatever the SANs are) before starting the server, you need On-Demand TLS (or you have to reload the config once you do know the server name / IP).

Most of CertMagic and TLS handshake stuff is the same whether it's IP or DNS, it's just the nuances of getting an IP certificate are more tricky than that of DNS names.

from certmagic.

Glad you figured it out then 👍

from certmagic.