The ACME validation system follows CNAME records - this makes it possible to find a solution for problematic situations, e.g. when servers are not reachable from the public internet. You can define a CNAME for the _acme-challenge subdomain that points to a different domain and set the TXT record of that target domain instead of the original domain. This is also very helpful when you do not want to or cannot access the nameserver of the original domain via an API.
Of course the ACME client has to understand that concept - so there needs to be a way to define that existing CNAME or the client has to be smart enough to follow that CNAME. Probably the easy quick fix would be to add some configuration option / parameter that allows defining the actual CNAME target domain to be updated instead of always using the domain defined by the -d parameter.
The acme.sh client has this feature implemented as DNS alias mode - that wiki entry explains the concept very well.
It would be very useful if you would like to support that feature so users of this software can do everything that is possible with LE and certbot without limitations.
Thank you very much for your attention!
BTW you are not alone :) - other authors have overseen this important little feature:
oGGy990/certbot-dns-inwx#8
ciphax/letsencrypt-inwx#9
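The lookup a DNS-01 client would need for the "follow the CNAME" behaviour requested above, as an added example that is not part of the original issue or of any client's code. The record table, the domain names and the hop limit are constructed assumptions; a real client would replace the dict lookup with live CNAME queries.

```python
# Constructed sample data: CNAME records as a dict, standing in for live DNS lookups.
SAMPLE_CNAMES = {
    "_acme-challenge.www.example.com.": "www.example.com.acme.example.net.",
    "www.example.com.acme.example.net.": "validation.example.org.",
    "_acme-challenge.loop.example.com.": "a.example.net.",
    "a.example.net.": "_acme-challenge.loop.example.com.",
}

MAX_CNAME_HOPS = 8  # assumption: arbitrary cap so a long or hostile chain cannot stall the client


def normalize(name):
    """Lower-case a DNS name and make it fully qualified (single trailing dot)."""
    return name.strip().lower().rstrip(".") + "."


def challenge_name(domain):
    """Record name checked for DNS-01; a wildcard uses the same name as its base domain."""
    domain = normalize(domain)
    if domain.startswith("*."):
        domain = domain[2:]
    return "_acme-challenge." + domain


def txt_target(domain, cnames):
    """Follow CNAMEs from _acme-challenge.<domain>; return the name whose TXT record must be set."""
    table = {normalize(k): normalize(v) for k, v in cnames.items()}
    name = challenge_name(domain)
    seen = {name}
    hops = 0
    while name in table:
        if hops == MAX_CNAME_HOPS:
            raise ValueError("CNAME chain longer than %d hops" % MAX_CNAME_HOPS)
        name = table[name]
        hops += 1
        if name in seen:
            raise ValueError("CNAME loop detected at " + name)
        seen.add(name)
    return name  # no CNAME here: this is the zone entry the DNS plugin has to update


if __name__ == "__main__":
    for d in ("www.example.com", "*.www.example.com", "other.example.com"):
        print(d, "->", txt_target(d, SAMPLE_CNAMES))
```

Whoever can write TXT records at the final target name can pass DNS-01 validation for the original domain, so the API credentials for the alias zone need the same protection as those for the original zone.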