How do you get dns-persist-01 account uri in this challenge?

Hello all.
I was interested in trying the new DNS-PERSIST challenge but I can't figure out how to get the URI to insert in the TXT record.
It could be a real problem solver for those (like me) that cannot create an NS record in their registrar, and would like to have a wildcard certificate.
In this page from LE it is mentioned that you have to create a TXT record with the following values:
_validation-persist.example.com. IN TXT ( "letsencrypt.org;" " accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/1234567890" )
Obviously this example is using the letsencrypt URL, but in real life there is no way (that I know of) to create an account on LE itself.
Should I run an acme-dns locally to create this account or what?

Thanks to anyone who can explain it to me (as if I was a 2-year-old child :grin:).

Pigi_102

Your ACME client should be able to provide the Let's Encrypt account URI. While you cannot create an account on the LE website, like you often do with services, the ACME protocol actually uses (automated) accounts under the hood.

So depending on which ACME client you used, it might be easy or not so easy to get the account URI to put in the TXT RR.

Edit:
If you're using Certbot, I actually added the usage of the show_account command I built into Certbot to Finding Account IDs - Let's Encrypt :slight_smile:

2 Likes
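Once the client has reported the account URI, the record from the first post can be checked against it before it is published. This is an added example, not part of the thread or of any ACME client: the function names are hypothetical, the sample is the record quoted above, and the value is assumed to be an issuer name followed by `;`-separated `key=value` parameters as that record shows.

```python
import re

LABEL = "_validation-persist"
# Constructed sample: the record quoted in the first post, zone-file form.
SAMPLE = ('_validation-persist.example.com. IN TXT ( "letsencrypt.org;" '
          '" accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/1234567890" )')


def parse_persist_record(line):
    """Return (owner, issuer, params) from one zone-file TXT line."""
    owner = line.split()[0].rstrip(".").lower()
    # TXT RDATA can be several quoted strings; they are joined with no
    # separator, which is why the sample's second string starts with a space.
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
    if not chunks:
        raise ValueError("no quoted TXT strings found")
    fields = [f.strip() for f in "".join(chunks).split(";")]
    issuer, params = fields[0].lower(), {}
    for field in filter(None, fields[1:]):
        key, sep, val = field.partition("=")
        key = key.strip().lower()
        if not sep or key in params:
            raise ValueError(f"malformed or repeated parameter: {field!r}")
        params[key] = val.strip()
    return owner, issuer, params


def check_record(line, domain, issuer, account_uri):
    """List mismatches between a record and what you meant to publish."""
    owner, got_issuer, params = parse_persist_record(line)
    problems = []
    want_owner = f"{LABEL}.{domain.rstrip('.').lower()}"
    if owner != want_owner:
        problems.append(f"owner is {owner}, expected {want_owner}")
    if got_issuer != issuer.lower():
        problems.append(f"issuer is {got_issuer}, expected {issuer}")
    # The account URI is compared exactly: a different account number
    # means a different ACME account is being authorized.
    if params.get("accounturi") != account_uri:
        problems.append(f"accounturi is {params.get('accounturi')}")
    return problems


def build_record(domain, issuer, account_uri):
    """Format the record as a single-string zone-file line."""
    return f'{LABEL}.{domain.rstrip(".")}. IN TXT "{issuer}; accounturi={account_uri}"'
```

An empty list from `check_record` means the owner name, issuer and account URI all match what you intended.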

Thanks for your ( superfast ) reply.
If I understand correctly, then, I have to first get a certificate in some other way (like DNS-01), or I don't have any other way?
Is that correct?

What if I start from no certificate at all?

Thanks again.
Pigi_102

Your ACME client will create an ACME account just for even trying to get a certificate. So no, you don't need to get a certificate first.

And usually an ACME client would have a separate command so you could just tell it to register an account and nothing more. Certbot can anyway.

3 Likes

Also note that Let's Encrypt does not yet support that. Staging system support is planned by the end of this month with production Q2 2026 per this rollout section: DNS-PERSIST-01: A New Model for DNS-based Challenge Validation - Let's Encrypt

It is fine to be planning ahead :slight_smile: I agree this will be very useful to many and look forward to when it is supported by many ACME Clients and other Certificate Authorities.

2 Likes

Thanks to everyone.
Sad to know that it is not yet supported, but nice to have understood how to get those values.
Another 2 or 3 manual renewals then I should be good to go!

Thanks again.

1 Like
