Hello,
I have many questions. So sorry, because I am a junior developer.
What is DNS Challenge?
and DNS-01?
I am very confused about DNS-01 & DNS Challenge.
Can I issue a certificate using DNS Challenge & Let's Encrypt?
If I can, how can I do that? (My web server is nginx & AWS Linux.)
These are the same thing (just different names). Basically, Let's Encrypt provides a token that you need to place in your DNS records as proof of control / ownership of the domain name (in the same way as you place it in a specific place as proof of control / ownership via http / https).
Yes - although certbot doesn't currently support this, the bash and go alternative clients do.
Use one of the alternative clients (link above). They are all very slightly different, but each has help and support. I know all the bash / go clients support the DNS challenge, and a couple of the others may do too.
Thank you for the fast reply!
But I have more questions...
Does it mean every bash & go client?
GetSSL , acme.sh , letsencrypt.sh , gheift/letsencrypt.sh
Caddy Lego GoACME hlandau/acme ericchiang/letsencrypt
All of them can do that?
I read this link
So maybe with the Rackspace DNS hook for letsencrypt.sh, I can issue by DNS Challenge.
But does that domain have to be on my server?
Ex.)
I have two servers, A and B.
"A" server has webroot for domain "hj.com"
"B" server wants to have certificate for "hj.com"
Can I issue a certificate on a remote server using DNS Challenge?
That link is specific to Rackspace DNS, but you can use the same basic process with other DNS providers - who is your current DNS provider?
The domain doesn't need to be on any server - you just need to have DNS records for the main domain name, so where the webroot is doesn't really matter. For example, I get certificates on my laptop all the time, for domains I control (using the DNS challenge) that are not hosted on my laptop at all. You can easily copy (automatically) the certificate to both your servers once obtained.