dns-02: dynamic challenge request: TXT <$token>._acme-challenge.domain.tld #393

ProBackup-nl · 2018-02-05T20:37:11Z

One of the problems of dns-01 is that it's not able to automate like http-01: there the webserver is able to respond with $token || '.' || $key-thumbprint

It would be nice when that mechanism comes to DNS, to DNS server developers are able to supply an automated.

Instead of statically querying _acme-challenge.domain.tld to prove host/domain ownership, query the dns including the token, like: <$token>._acme-challenge.host.domain.tld

The text was updated successfully, but these errors were encountered:

bifurcation · 2018-03-02T03:57:17Z

Moving this to Defer, because I think several current implementations have in fact been able to automate the DNS challenge (e.g., lego supports a bunch of DNS providers out of the box). If this is a problem, it can be handled in a follow-on spec.

ProBackup-nl mentioned this issue Feb 5, 2018

Why is there a --stateless option for http verification but not for dns verification? acmesh-official/acme.sh#1235

Closed

bifurcation added this to the Defer milestone Mar 2, 2018

This comment has been minimized.

Sign in to view

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

dns-02: dynamic challenge request: TXT <$token>._acme-challenge.domain.tld #393

dns-02: dynamic challenge request: TXT <$token>._acme-challenge.domain.tld #393

ProBackup-nl commented Feb 5, 2018 •

edited

Loading

bifurcation commented Mar 2, 2018

This comment has been minimized.

dns-02: dynamic challenge request: TXT <$token>._acme-challenge.domain.tld #393

dns-02: dynamic challenge request: TXT <$token>._acme-challenge.domain.tld #393

Comments

ProBackup-nl commented Feb 5, 2018 • edited Loading

bifurcation commented Mar 2, 2018

This comment has been minimized.

ProBackup-nl commented Feb 5, 2018 •

edited

Loading