ACME Response Headers Configuration

Perform necessary steps to ensure that the ACME protocol does not fail during the client-server communication.

This health check ensures that all necessary ACME-specific response headers are properly configured. Without these headers, the ACME protocol will fail, as they are required for proper client-server communication during certificate issuance.

Health Check Name: c

Accessed APIs

Method
Endpoint
Description

READ

/sys/internal/ui/mounts

Verifies configured headers for mounts

Configuration Parameters

Parameter
Description

(None)

This check does not require configurable parameters.

Health Check Results

Condition
Status Level

Required headers (Replay-Nonce, Link, Location) are missing

Warning

All required headers are configured

Pass

  1. Tune the secrets engine mount to include the required ACME headers:

vhsm secrets tune \
  -allowed-response-headers="Last-Modified" \
  -allowed-response-headers="Replay-Nonce" \
  -allowed-response-headers="Link" \
  -allowed-response-headers="Location" \
  <mount>
  1. Verify ACME functionality by testing with an ACME client such as Certbot to confirm headers are returned as expected.

Last updated

Was this helpful?