Certbot - mix DNS-01 & http-01 auth

Ok, never worked with DNS auth before ... I thought there needs to be an update within the DNS on every renew? Guess I should RTFM on how the DNS Challenge is working ... :see_no_evil: :sweat_smile:

Yes, but a request from the LE validation server can be redirected using CNAME RRs. It's quite common to have authoritative DNS servers for a site without being able to dynamically update RRs quickly or easily, but where it is possible to set a CNAME permanently easily.

If you then redirect the initial hostname required for the challenge to a specific hostname/host which is easily and dynamically updatable, then it will make your life much easier.

You can compare it a little bit with HTTP redirects :slight_smile:

Which also has a link to a nice article about delegating the challenge!

4 Likes
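The CNAME delegation described in the reply above, as an added example that is not part of the original thread: a small offline model of the lookup that follows CNAMEs from the challenge name to the record that actually has to be updated. All zone names and the TXT value are constructed, and `challenge_name` and `resolve_txt` are hypothetical helper names.

```python
# Constructed records: the static site zone holds only a permanent CNAME;
# the dynamically updatable zone holds the TXT value that changes per renewal.
RECORDS = {
    ("_acme-challenge.example.com", "CNAME"): ["example-com.acme-dyn.example.net"],
    ("example-com.acme-dyn.example.net", "TXT"): ["constructed-token-digest"],
    # Misconfiguration case: two CNAMEs pointing at each other.
    ("_acme-challenge.loop.example.com", "CNAME"): ["b.loop.example.com"],
    ("b.loop.example.com", "CNAME"): ["_acme-challenge.loop.example.com"],
}


def challenge_name(domain):
    """DNS-01 validation name; a wildcard is validated at its base domain."""
    domain = domain.lower().rstrip(".")
    if domain.startswith("*."):
        domain = domain[2:]
    return "_acme-challenge." + domain


def resolve_txt(domain, records=RECORDS, max_hops=8):
    """Follow CNAMEs from the challenge name.

    Returns (final_name, txt_values). final_name is where the ACME client
    must write the TXT record on every renewal.
    """
    name = challenge_name(domain)
    seen = set()
    for _ in range(max_hops + 1):
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        target = records.get((name, "CNAME"))
        if not target:
            return name, records.get((name, "TXT"), [])
        name = target[0].lower().rstrip(".")
    raise ValueError("CNAME chain too long")


if __name__ == "__main__":
    for d in ("example.com", "*.example.com", "nodelegation.example.org"):
        print(d, "->", resolve_txt(d))
```

Only the zone holding the final name needs update credentials on the machine running the renewal; the site's main zone is touched once, when the CNAME is created.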

aallrrriiight - just reading through the Docs (Challenge Types - Let's Encrypt) + your answer ... guess now I got the concept on how this works ... and I guess that way I should be able to solve this even easier than initially thought ... thx a lot!! :wink:

3 Likes

Do not forget to:

[from cron]

3 Likes
