I have spent half a day reading and trying this and I still can't understand how to set it up.
I read
And still don't know what to do...
My setup is the following: I have a domain that has a subdomain pointing to *.live.example.com, where * is replaced by project names for deployment. Projects get deployed there for live testing before they become accessible via the normal domains. To test it in a full environment, I of course need HTTPS and thus want to use a wildcard LE cert for *.live.example.com.
Do I need live.auth.example.com or auth.example.com?
I wanted to run acme-dns on a vserver and not on the deployment server. Is this possible? What does this change in the setup other than pointing auth.example.com to the vserver instead of the deployment server?
What is my CNAME supposed to be? I already have a CNAME for *.live pointing to live that I need for projectname.live.example.com to work (I don't know why, but I can't resolve something.live.example.com without this CNAME).
GitHub - joohoi/acme-dns: Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely. says I'm supposed to register on https://auth.acme-dns.io/register, but Help me understand acme-dns - #2 by sahsanu says I need to register on auth.example.com/register ... what? Why? This is confusing... why am I registering on my own domain?
GitHub says my zone entry is supposed to look like _acme-challenge.domainiwantcertfor.tld. CNAME a097455b-52cc-4569-90c8-7a4b97c6eba8.auth.example.org
What is domainiwantcertfor.tld. here? example.com or live.example.com? And is that pointing to a097....auth.example.com or a097...live.auth.example.com?
My zone file says "IN CNAME"; I thought IN means "Internet". Why is that missing in the readme on GitHub?
Additionally, I don't understand what a client is. I thought I'd just run a bash script, curl an API request to it containing the challenge, and fire up certbot to renew the certificate?
Is there somewhere a clean, understandable, step-by-step walkthrough on how to set this up for someone who's not an expert in that whole DNS thing?
Thanks
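The flow the post is asking about, as an added worked example (editor's script, not the poster's and not code from the acme-dns project): a small POSIX shell "client" that (1) registers an account once on your own acme-dns instance, (2) prints the CNAME record to put in the example.com zone, and (3) acts as a certbot --manual-auth-hook that publishes the validation token through the acme-dns /update endpoint. Assumptions labelled in the code: the acme-dns API is reachable at https://auth.example.com (the hostname is whatever you delegate to the server running acme-dns, on a vserver or anywhere else), credentials are stored in a file of your choosing, and the cert is for *.live.example.com, whose DNS-01 challenge name is _acme-challenge.live.example.com (the wildcard label is dropped), so the CNAME lives under live.example.com and points at the per-account fulldomain returned by /register. The endpoints, headers (X-Api-User, X-Api-Key) and the 43-character TXT length check match acme-dns's documented API; CERTBOT_DOMAIN and CERTBOT_VALIDATION are the environment variables certbot sets for manual hooks.

```shell
#!/bin/sh
# Added example, not the original poster's script and not acme-dns project code.
# Assumed values (change to match your deployment):
#   ACME_DNS_API   - base URL of your own acme-dns instance
#   ACME_DNS_CREDS - where the JSON returned by /register is kept
set -eu

ACME_DNS_API="${ACME_DNS_API:-https://auth.example.com}"
ACME_DNS_CREDS="${ACME_DNS_CREDS:-$HOME/.acme-dns-live.json}"

# Step 1 (once): create an account on YOUR acme-dns, not on auth.acme-dns.io.
# The response is {"username":..,"password":..,"fulldomain":..,"subdomain":..,"allowfrom":[]}.
acme_dns_register() {
  curl -fsS -X POST "$ACME_DNS_API/register" -o "$ACME_DNS_CREDS"
  chmod 600 "$ACME_DNS_CREDS"   # the password is a bearer secret; keep it private
  cat "$ACME_DNS_CREDS"
}

# Extract one string field from the credentials JSON (avoids a jq dependency;
# good enough for acme-dns's flat, single-line response).
json_field() {  # $1 = key, $2 = file
  sed -n "s/.*\"$1\":\"\([^\"]*\)\".*/\1/p" "$2"
}

# Step 2: the record for the zone that holds the name the cert is for.
# For a wildcard *.live.example.com the challenge name is
# _acme-challenge.live.example.com, so pass "live.example.com" as $1.
cname_for() {  # $1 = domain the cert is for, $2 = fulldomain from /register
  printf '_acme-challenge.%s. IN CNAME %s.\n' "$1" "$2"
}

# acme-dns only accepts a 43-character base64url value (the DNS-01 key
# authorization digest); refuse anything else before sending it.
valid_txt() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_-]{43}$'
}

# Step 3: publish the token. certbot runs this as --manual-auth-hook and
# exports CERTBOT_VALIDATION (and CERTBOT_DOMAIN, unused here since the
# account is bound to one subdomain).
acme_dns_update() {  # $1 = validation token
  valid_txt "$1" || { echo "refusing non-43-char TXT value" >&2; return 1; }
  user=$(json_field username "$ACME_DNS_CREDS")
  key=$(json_field password "$ACME_DNS_CREDS")
  sub=$(json_field subdomain "$ACME_DNS_CREDS")
  curl -fsS -X POST "$ACME_DNS_API/update" \
    -H "X-Api-User: $user" -H "X-Api-Key: $key" \
    -H 'Content-Type: application/json' \
    -d "{\"subdomain\":\"$sub\",\"txt\":\"$1\"}"
}

# Usage:
#   ./acme-dns-client.sh register
#   ./acme-dns-client.sh cname live.example.com      # paste output into the example.com zone
#   certbot certonly --manual --preferred-challenges dns \
#       --manual-auth-hook "./acme-dns-client.sh hook" -d '*.live.example.com'
case "${1:-}" in
  register) acme_dns_register ;;
  cname)    cname_for "$2" "$(json_field fulldomain "$ACME_DNS_CREDS")" ;;
  hook)     acme_dns_update "$CERTBOT_VALIDATION" ;;
esac
```

The CNAME is what makes this work without giving the deployment server any credentials for the example.com zone: Let's Encrypt looks up TXT at _acme-challenge.live.example.com, follows the CNAME to the acme-dns name, and acme-dns answers with whatever the last /update set. The "IN" class is implied when omitted, which is why the README's one-liner leaves it out; zone files spell it out.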