letsencrypt/pebble

Deactivate default https beaviour: `By default Pebble is accessible over HTTPS-only`

firstdorsal opened this issue · 1 comments

How can you disable https?

jsha commented

Good question. For context, here's where the issue title is quoted from:

https://github.com/letsencrypt/pebble#avoiding-client-https-errors

By default Pebble is accessible over HTTPS-only and uses a test certificate generated using a test CA (See thetest/certs/ directory for more information).

Since the Pebble test CA isn't part of any default CA trust stores you must add the test/certs/pebble.minica.pem certificate to your client's trusted root configuration to avoid HTTPS errors. Your client should offer a runtime option to specify a list of trusted root CAs.

IMPORTANT: Do not add the pebble.minica.pem CA to the system-wide trust store or to any production systems/codebases. The private key for this CA is intentionally made publicly available in this repo.

Looking at the code, Pebble does not offer a way to serve the ACME API over plaintext HTTP, and I suspect that is intentional. So this documentation should probably not say "by default", since there is no setting that would change it.