Sorry about not following the posting template but my question is about site documentation. As of 2018-09-07, this webpage:
contains a table of plugins. The entry for “DNS plugins” contains this description:
“This category of plugins automates obtaining a certificate by
modifying DNS records to prove you have control over a
domain. Doing domain validation in this way is
the only way to obtain wildcard certificates from Let’sEncrypt.”
That caused me confusion for a couple days because I saw many examples of people using the “manual” authenticator to obtain wildcard certificates.
Am I being too picky or should that description (… is the only way to obtain wildcard certificates…) be modified or elaborated?
I feed you’re right.
"modifying DNS records " is indeed the only way to get a wildcard certificate, but of course you can do it either using a DNS plugin or manually.
Maybe you can suggest a modification of this file https://github.com/certbot/certbot/blob/master/docs/using.rst#getting-certificates-and-choosing-plugins by opening an issue https://github.com/certbot/certbot/issues or by a PR?
Indeed, in its current form it’s incorrect. A little bit of nuance could improve it.
I think I may have written this text originally and “in this way” is meant to refer to DNS-01 challenges rather than to Certbot DNS plugins. I can see that that’s confusing in its context.
My first thought to improve clarity would be to remove the reference to wildcards from the ‘Notes’ column for the DNS Plugins row and associate it with the ‘dns-01’ occurrences in the ‘Challenge-type’ column.
Specifically, put a footnote symbol next to ‘dns-01’ wherever it occurs and add a table footnote indicating that ‘dns-01’ is the only challenge-type that can be used to obtain wildcard certs. Since only DNS Plugins and Manual allow that challenge-type, they are the only ones that can be used for wildcards certificates.
Maybe there is something better.
I could try to open an issue as was suggested, but hopefully there is someone (Certbot engineer above ?) who knows that process better than I who could do that. Not trying to duck out of work but I’ve never done that.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.