The Traefik docs mention:
Redirection is fully compatible with the HTTP-01 challenge.
And in the official Let's Encrypt docs you find:
Our implementation of the HTTP-01 challenge follows redirects, up to 10 redirects deep. It only accepts redirects to “http:” or “https:”, and only to ports 80 or 443.
This is not exactly a Traefik-specific question, but I assume there are experts here who know the technical details:
Is it possible to redirect challenge verifications to another domain?
Or do these redirects mean redirects within the same domain that is trying to renew the cert?
In case of another domain, couldn’t an attacker mess with cert creation if redirected to malicious domains?
I assume the attacker needs some kind of server access to actually inject such redirects and thus probably could already interfere with the cert on disk anyway, but I think I’m not creative enough to be an attacker for this. So my question to experts: Does it work to redirect to other domains for SSL cert handling, and is this safe?
Many thanks
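
The redirect rule quoted above from the Let's Encrypt docs, as an added example that is not part of the original post: a Python check of a recorded redirect chain against the stated limits (10 redirects, "http:" or "https:", ports 80 or 443). The hosts, token and chains are constructed, and because the quoted rule names no hostname restriction, hops that leave the starting host are listed for review rather than flagged as violations.

```python
from urllib.parse import urljoin, urlsplit

MAX_REDIRECTS = 10                          # "up to 10 redirects deep"
DEFAULT_PORTS = {"http": 80, "https": 443}  # only "http:" or "https:"
ALLOWED_PORTS = {80, 443}                   # "only to ports 80 or 443"


def check_chain(start_url, locations):
    """Check a recorded redirect chain against the quoted HTTP-01 rule.

    locations: the Location header values, in order, as served.
    Returns (violations, cross_host_hops).
    """
    violations, cross_host = [], []
    if len(locations) > MAX_REDIRECTS:
        violations.append(f"{len(locations)} redirects exceeds {MAX_REDIRECTS}")
    current = start_url
    start_host = urlsplit(start_url).hostname
    for hop, location in enumerate(locations, 1):
        target = urljoin(current, location)  # resolve relative Location values
        parts = urlsplit(target)
        current = target
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS:
            violations.append(f"hop {hop}: scheme {scheme!r} not allowed")
            continue
        try:
            port = parts.port  # raises ValueError on a malformed port
        except ValueError:
            violations.append(f"hop {hop}: unparsable port in {target!r}")
            continue
        if port is None:
            port = DEFAULT_PORTS[scheme]
        if port not in ALLOWED_PORTS:
            violations.append(f"hop {hop}: port {port} not allowed")
        if parts.hostname != start_host:
            cross_host.append((hop, parts.hostname))  # review: who serves this?
    return violations, cross_host


# Constructed sample chains (hypothetical hosts, placeholder token).
START = "http://shop.example.test/.well-known/acme-challenge/TOKEN"
GOOD = ["https://shop.example.test/.well-known/acme-challenge/TOKEN",
        "https://acme.example.net/.well-known/acme-challenge/TOKEN"]
BAD = ["//acme.example.net:8443/.well-known/acme-challenge/TOKEN",
       "ftp://files.example.net/TOKEN"]

if __name__ == "__main__":
    for name, chain in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, *check_chain(START, chain), sep="\n  ")
```

Every host in the cross-host list ends up serving the challenge response for the original name, so each one should be a server you control.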