acmebot icon indicating copy to clipboard operation
acmebot copied to clipboard
verified publisher icon plinss

Support for CNAME in DNS-01 challenges

Open sam0737 opened this issue 5 years ago • 1 comments

dns-01 allow the use of CNAME to delegate the challenges to be check in another record, and in another zone. This is very useful to setup an independent zone, independent update key which only useful for acme-challenge record, instead of granting acmebot to manipulate all records in the target zone.

Currently, acmebot does not honor this CNAME record, nor is there anyway to force acmebot to nsupdate another record, and check the correct record/zone in "wait for DNS propagation".

sam0737 avatar Aug 08 '20 18:08 sam0737

Here's a project that provides a simple DNS service designed for handling ACME DNS challenges which is reached via a CNAME record from your servers main DNS service.

It'd be nice if acmebot could utilize that.

polarathene avatar Sep 25 '20 02:09 polarathene