njs-acme

Support the DNS-01 Challenge Type

Open zsteinkamp opened this issue 11 months ago • 2 comments

Is your feature request related to a problem? Please describe

njs-acme currently only supports the HTTP-01 challenge type, which requires that the host be accessible from the Internet on port 80. If you are operating a cluster of NGINX hosts, then you will need to use a shared storage layer for challenge tokens. While this will work just fine for some customers, for others it will not.

The DNS-01 challenge type is the only type that is out-of-band from the web server. It requires that a person or script add a TXT record to a domain for which a certificate is being requested.

Describe the solution you'd like

Either manual or automated DNS record setup.

Describe alternatives you've considered

zsteinkamp, Mar 18 '24 23:03

DNS-01 is also needed for wildcard certificates. Let's Encrypt support them, but only using DNS-01.

NetForce1, Mar 28 '24 18:03

+1 need this feature

vinhjaxt, Jul 31 '24 16:07
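
The TXT record that DNS-01 requires, including the wildcard case raised in the comments, can be derived as specified in RFC 8555 section 8.4 and RFC 7638. The following is an added example, not code from njs-acme or from the participants in this thread; `jwkThumbprint`, `dns01Record`, the sample key and the sample token are hypothetical names and constructed values.

```javascript
// Added example: derive the DNS-01 TXT record for an ACME authorization.
const { createHash } = require("node:crypto");

// Required JWK members per key type, in the lexicographic order RFC 7638 mandates.
const THUMBPRINT_MEMBERS = {
  EC: ["crv", "kty", "x", "y"],
  RSA: ["e", "kty", "n"],
  OKP: ["crv", "kty", "x"],
};

const sha256b64url = (s) =>
  createHash("sha256").update(s, "utf8").digest("base64url");

// RFC 7638 thumbprint of the ACME account public key. Optional members
// ("use", "kid", ...) and the caller's member order must not affect the result.
function jwkThumbprint(jwk) {
  const members = THUMBPRINT_MEMBERS[jwk.kty];
  if (!members) throw new Error(`unsupported kty: ${jwk.kty}`);
  const canonical = {};
  for (const m of members) {
    if (typeof jwk[m] !== "string") throw new Error(`JWK is missing "${m}"`);
    canonical[m] = jwk[m];
  }
  return sha256b64url(JSON.stringify(canonical));
}

// Returns the record an operator or DNS-provider script has to publish.
function dns01Record(identifier, token, accountJwk) {
  if (!/^[A-Za-z0-9_-]+$/.test(token)) throw new Error("token is not base64url");
  // A wildcard identifier is validated at the base domain: the "*." is dropped.
  const base = identifier.replace(/^\*\./, "").replace(/\.$/, "").toLowerCase();
  if (base.includes("*")) throw new Error("wildcard must be the leftmost label");
  const keyAuthorization = `${token}.${jwkThumbprint(accountJwk)}`;
  return {
    name: `_acme-challenge.${base}`,
    type: "TXT",
    value: sha256b64url(keyAuthorization), // 43 chars, no padding
  };
}

// Constructed sample values: not a real account key or a real CA token.
const SAMPLE_JWK = {
  kty: "EC",
  crv: "P-256",
  x: "constructed-x-coordinate-not-a-real-key-000",
  y: "constructed-y-coordinate-not-a-real-key-000",
};
const SAMPLE_TOKEN = "constructed-token-0123456789_ABCDEFGHIJKLMN";
```

Because `*.example.com` and `example.com` share the name `_acme-challenge.example.com`, a certificate covering both needs two TXT values (one per challenge token) present at that name at the same time.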