Why is there a --stateless option for http verification but not for dns verification? #1235
Comments
Stateless mode is only for nginx server.
@Neilpang Why can't DNS verification do the verification process stateless? Is that an ACME API limit?
@ProBackup-nl For http verification: keyauthorization="$token.$thumbprint". An nginx server is suitable to return such a string. While for dns verification: txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)". I have never heard of any dns server that can return such a complex txt value. What do you think?
@Neilpang There are no DNS servers that can do that, because the $token is not supplied to the DNS server in the request. The server would need to ask something like
A request has been posted: ietf-wg-acme/acme#393
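The difference described in the comments above, as an added example that is not part of the thread or of acme.sh: the HTTP-01 response can be built from the request path alone, while the DNS-01 query name (`_acme-challenge.<domain>`, per the ACME specification) carries no token although the TXT value depends on it. Function names, the thumbprint and the tokens are constructed for illustration; the two formulas are the ones quoted in the thread.

```python
import base64
import hashlib
import re

WELL_KNOWN = "/.well-known/acme-challenge/"

def b64url(data: bytes) -> str:
    # Unpadded base64url, the effect of `_digest "sha256" | _url_replace`.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def http01_stateless_response(request_path: str, thumbprint: str) -> str:
    """Build the HTTP-01 body from the request alone (what --stateless relies on)."""
    if not request_path.startswith(WELL_KNOWN):
        raise ValueError("not an ACME challenge path")
    token = request_path[len(WELL_KNOWN):]
    # Only echo base64url characters, so the path cannot inject other content.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        raise ValueError("malformed token")
    return f"{token}.{thumbprint}"  # keyauthorization="$token.$thumbprint"

def dns01_query_name(domain: str) -> str:
    # Everything the DNS server sees in the validation query: no token in it.
    return f"_acme-challenge.{domain}"

def dns01_txt_value(token: str, thumbprint: str) -> str:
    # txt = base64url(sha256(keyauthorization)), so it changes with every token.
    keyauth = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(keyauth.encode("ascii")).digest())

def compare(domain: str, thumbprint: str, tokens: list) -> list:
    """For each token, show what each responder receives and must return."""
    return [
        {
            "http_path": WELL_KNOWN + t,
            "http_body": http01_stateless_response(WELL_KNOWN + t, thumbprint),
            "dns_qname": dns01_query_name(domain),
            "dns_txt": dns01_txt_value(t, thumbprint),
        }
        for t in tokens
    ]

# Constructed sample values, not taken from a real ACME account or order.
THUMBPRINT = b64url(hashlib.sha256(b"constructed-account-key").digest())
TOKENS = ["constructedTokenA_0001", "constructedTokenB-0002"]

if __name__ == "__main__":
    for row in compare("example.com", THUMBPRINT, TOKENS):
        print(row)
```

Both rows share the same `dns_qname` but have different `dns_txt` values, whereas each `http_body` is fully determined by its own `http_path`.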
Uhm, IIUC, just like this Nginx regular expression for the URI, you could set up a wildcard subdomain too:
and you don't need anything dynamically on the DNS side, right?
@gertvdijk What is meant by "IIUC"? For which DNS software and starting from which version?
If I Understand Correctly.
DNS wildcards! They have existed since forever and all software supports them.
PowerDNS supports scriptable dns records (in the Lua language). They could be used to make a stateless DNS record.
@bjmgeek: I don't see how that's useful. All you need is a wildcard domain and a static value (similar to nginx regex match on location, static return content). LUA records are able to produce a value from a script, but exactly that is totally stateless here. By the way, I like PowerDNS and even contribute to it occasionally, but I don't think it helps here.
Stateless DNS
Having a webserver setup that is not supported, as well as a DNS provider without an API, it would be nice to --issue and --renew --stateless.
Why does acme.sh --stateless only support web/http/nginx and not DNS verification?