The Applaud application uses HTTP validation, accessing a file stored on the server, to validate the CNAME record for the custom domain. If the CNAME record validation fails, the application does not allow you to configure the custom domain. Upon successful validation of the CNAME record, the application generates a key pair and sends a request to Let’s Encrypt to create the SSL certificate for the configured custom domain or subdomain.
Let’s Encrypt asks the application to prove that it owns the configured custom domain, using HTTP validation to perform the domain validation:
- Let’s Encrypt asks the web server to serve a secret token at a predefined Uniform Resource Identifier (URI) under the domain name (/.well-known/acme-challenge/).
- Let’s Encrypt provides a cryptographic nonce that the application must sign with its private key, to prove that it controls the key pair.
- The application creates the file on the specified path and signs the cryptographic nonce with its private key.
- Let’s Encrypt verifies that the token is present at the specified location and matches the value it is expecting.
The domain validation is now complete.
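The following sketch is an added example, not Applaud's or Certbot's own code. It shows how the value Let’s Encrypt expects in the challenge file is derived under RFC 8555 (the token joined to an RFC 7638 thumbprint of the account public key) and why the token must be checked before it is used as a file name. The function names, the sample key and the sample token are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import re
from pathlib import PurePosixPath

TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet only (RFC 8555)

# Constructed sample values, not a real account key or a real challenge token.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "c2FtcGxlLW1vZHVsdXMtbm90LWEtcmVhbC1rZXk"}
SAMPLE_TOKEN = "Zm9vYmFyLXNhbXBsZS10b2tlbg"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required RSA members, sorted, no whitespace."""
    required = {name: jwk[name] for name in ("e", "kty", "n")}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return _b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def _check_token(token: str) -> str:
    # The token becomes a file name, so reject anything that could leave the
    # challenge directory ("/", "..", NUL, whitespace and so on).
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("challenge token is not base64url")
    return token

def key_authorization(token: str, account_jwk: dict) -> str:
    """Content of the challenge file: <token>.<account key thumbprint>."""
    return f"{_check_token(token)}.{jwk_thumbprint(account_jwk)}"

def challenge_path(webroot: str, token: str) -> str:
    """Where the web server must serve the file for this token."""
    parts = (".well-known", "acme-challenge", _check_token(token))
    return str(PurePosixPath(webroot).joinpath(*parts))

def response_matches(body: str, token: str, account_jwk: dict) -> bool:
    """Validator-side check: served body equals the expected key authorization."""
    expected = key_authorization(token, account_jwk).encode("ascii")
    # Trailing whitespace in the served file is ignored; compare in constant time.
    return hmac.compare_digest(body.rstrip().encode("utf-8"), expected)
```

Because the file content is bound to the account key's thumbprint, copying a token to the right path is not enough to pass validation with a different key pair.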
Once the domain validation is complete, Let's Encrypt recognizes the key pair used by the application as the authorized key pair for that custom domain and issues the SSL certificate. The application installs the SSL certificate and triggers a reload of the web server to activate the SSL certificate.
Note
The certificate is valid for three months.
Applaud uses the Certbot agent, which uses the authorized key pair to renew the certificate before it expires.