DNSSEC protect LE Servers

phloggu · December 10, 2020, 1:15am

Please use DNSSEC to secure all host names used for letsencrypt.org – especially acme-v02.api.letsencrypt.org. Thank you!

Osiris · December 10, 2020, 7:02am

I agree. Although the ACME production API URI is "just" a CNAME, the CloudFlare DNS infrastructure to which the CNAME is pointing does actually support DNSSEC. So, there really isn't any good reason IMO not to also start supporting DNSSEC on at least the ACME API URIs.

_az · December 10, 2020, 7:09am

Cool to see! OCSP still uses the unsigned Akamai domains though.

system · January 9, 2021, 7:09am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
DNS providers who easily integrate with Let’s Encrypt DNS validation Help	2	64	March 12, 2025
[Suggestion] Let's Encrypt operated, TXT-only DNS Hosting for DNS challenges Feature Requests	19	8655	February 14, 2018
Let's Encrypt with Global API Key - Cloudflare Help	2	1713	October 16, 2018
DNS providers who easily integrate with Let's Encrypt DNS validation Issuance Tech	32	289868	May 16, 2022
How Come Most Websites Do Not Support DNSSEC? Feature Requests	9	1451	April 12, 2024

DNSSEC protect LE Servers

Related topics