I am confused about DNS challenge

parkhyunjoon · August 9, 2016, 7:29am

Hello,
I have many questions. so sorry because I am Junior developer

What is DNS Challenge?
and DNS-01?
I am very confused about DNS-01 & DNS Challenge.
Can I issue certificate using DNS Challenge & Let’s Encrypt?
If I can, how can I do that? (my web server is nginx & aws linux)

serverco · August 9, 2016, 7:41am

These are the same thing (just different names ). Basically Let's Encrypt provides a token that you need to place in your DNS records as proof of control / ownership of the domain name (in the same way as you place it a specific place as proof of control / ownership via http / https )

Yes - although certbot doesn't currently support this the bash and go alternative clients do

Use one of the alternative clients ( link above ). They are all very slightly different, but each has help and support. I know all the bash / go clients support the DNS challenge, and a couple of the others may do to.

parkhyunjoon · August 9, 2016, 7:50am

Thank you for fast reply!
But I have more question...

It means every client of bash & go?
GetSSL , acme.sh , letsencrypt.sh , gheift/letsencrypt.sh
Caddy Lego GoACME hlandau/acme ericchiang/letsencrypt
All of them can do that?

I read this link

So maybe With Rackspace DNS hook for letsencrypt.sh, I can issue by DNS Challenge.

But, that domain has to be on my server?
EX)
I have two server A, B.
"A" server has webroot for domain "hj.com"
"B" server wants to have certificate for "hj.com"
Can I issue certificate on remote server using DNS Challenge?

serverco · August 9, 2016, 8:05am

Yes, all the bash and go clients.
That link is specific for rackspace DNS, but you can use the same basic process with other DNS providers - who is your current DNS provider ?

The domain doesn’t need to be on any server - you just need to have DNS records for the main domain name. so where the webroot it doesn’t really matter. For example I get certificates on my laptop all the time, for domains I control ( using the DNS challenge ) that are not hosted on my laptop at all. You can easily copy (automatically) the certificate to both your servers once obtained.

parkhyunjoon · August 9, 2016, 8:37am

ohohoh

Your reply is very useful for me so thank you.[quote=“serverco, post:4, topic:18754”]
The domain doesn’t need to be on any server
[/quote]

system · September 8, 2016, 8:37am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.