Differences between acme challenges?

Hi all

What are the differences between the TLS, HTTP and DNS challenges on the website https://docs.traefik.io/user-guides/docker-compose/acme-tls/?

What I want is that users can visit my website via HTTPS. It seems that all three (TLS, HTTP, DNS) scopes cover HTTPS, but which of them should I take?



The 3 challenges allow you to obtain certificates from Let's Encrypt.

Those challenges use different technical approaches to do that:

  • HTTP challenge: the challenge consists of exposing a token on an HTTP endpoint.
  • TLS challenge: the challenge consists of exposing a temporary certificate on an HTTPS endpoint.
  • DNS challenge: the challenge consists of exposing a TXT record in DNS.

Traefik manages those challenges automatically.

For a user like you, the easiest challenge to configure is the TLS challenge.

The DNS challenge is the only challenge that allows you to get a wildcard certificate (e.g. *.example.com), but it's the slowest.

1 Like

@ldez One more question. Do I also have to configure certificates for subdomains, or is it enough when I have a certificate for the domain?
For example, I will generate a certificate for microrest.io, and for keycloak.microrest.io do I have to create one separately?