I’ve been taking a look at Let’s Encrypt and trying to get a better feel for how it could suit my needs.
For me, the best scenario is to request a cert with DNS verification, and then pass on the required config to the client to have them configure the DNS record before proceeding to issue a cert.
I believe this is the best method for me as it allows for an existing site to be hosted away from my control - getting all config ready for e.g. a relaunch to new infrastructure.
I’ve been looking at scenarios which I may run into and was wondering if anyone had thoughts/details around a couple of questions I can’t seem to find answers to:
- Can you run a command which will only generate the challenge (i.e. not try to also complete the generation of the certificate)?
- How can I cancel a request which is still unverified (i.e. maybe a typo or the client no longer wants to use the specified domain)?