I am confused about DNS challenge


I have many questions, so sorry :joy: because I am a junior developer.

What is DNS Challenge?
and DNS-01?
I am very confused about DNS-01 & DNS Challenge.
Can I issue a certificate using DNS Challenge & Let’s Encrypt?
If I can, how can I do that? (My web server is nginx & AWS Linux.)


These are the same thing (just different names). Basically, Let’s Encrypt provides a token that you need to place in your DNS records as proof of control / ownership of the domain name (in the same way as you place it in a specific place as proof of control / ownership via http / https).

Yes - although certbot doesn’t currently support this, the bash and go alternative clients do.

Use one of the alternative clients (link above). They are all very slightly different, but each has help and support. I know all the bash / go clients support the DNS challenge, and a couple of the others may do too.


Thank you for fast reply!
But I have more questions…

It means every client of bash & go?
GetSSL , acme.sh , letsencrypt.sh , gheift/letsencrypt.sh
Caddy Lego GoACME hlandau/acme ericchiang/letsencrypt
All of them can do that?

I read this link

So maybe with the Rackspace DNS hook for letsencrypt.sh, I can issue by DNS Challenge.

But, that domain has to be on my server?
I have two servers, A and B.
Server “A” has the webroot for domain “hj.com”.
Server “B” wants to have a certificate for “hj.com”.
Can I issue certificate on remote server using DNS Challenge?

  1. Yes, all the bash and go clients.

  2. That link is specific to Rackspace DNS, but you can use the same basic process with other DNS providers - who is your current DNS provider?

The domain doesn’t need to be on any server - you just need to have DNS records for the main domain name, so where the webroot is doesn’t really matter. For example, I get certificates on my laptop all the time, for domains I control (using the DNS challenge) that are not hosted on my laptop at all. You can easily copy (automatically) the certificate to both your servers once obtained.



Your reply is very useful for me, so thank you.

serverco wrote: “The domain doesn’t need to be on any server”

