The acme.sh client offers DNS Alias mode, for where the dns provider does not support API access.
Are there any other clients that support this mode?
Thanks
John
Posh-ACME does.
Also, using an alias for challenge validation can also be used as a security mechanism. For instance, even when your DNS provider does have an API, their security controls might be too generic such that the credentials you give to the ACME client can modify any record in the zone or even delete the zone entirely. If you’re not comfortable with that level of permission in an automated tool, you can alias just the challenge records to another zone in another provider and then your client only needs permissions there rather than your important zone.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.