Checks for delegated acme

Open bdowling opened this issue 6 years ago • 1 comments

These changes allow one to have a delegated DNS domain for the most-specific part to reduce the level of DNS modification access that needs to be provided to certbot container.

e.g. One could delegate _acme-challenge.example.com to a new zone, and create the access keys that only allow updates within that zone.

~It also prevents returning the root DNS domain from base_domain_name_guesses() as looking for that zone is likely not useful.~ I removed this from the PR, it seemed some other tests depend on this behavior.

Tests have been updated for both.

Jul 01 '19 03:07 bdowling

I attempt to fix one test, break another... will need some input on this one.

Jul 01 '19 06:07 bdowling