Issue creating certificate with acme.sh DNS validation alias mode


#1

As per the instructions of @Neilpang, the CNAME should be set,

_acme-challenge.importantDomain.com
=> _acme-challenge.aliasDomainForValidationOnly.com

I am using godaddy and my question is, should they be set at the importantdomain.com dns management records or aliasDomainForValidationOnly.com dns records?


#2

The importantdomain.com records. When you have example.com CNAME example.net, that is a record describing example.com and therefore it belongs in the example.com zone.

Another way to think about this in this context is that the CNAME record that you create will delegate the ability to create certificates for importantdomain.com to aliasdomainforvalidationonly.com. Only someone who already controls DNS for importantdomain.com should be able to create this delegation! (For example, you shouldn’t be able to get certificates for google.com or microsoft.com just by editing DNS records for some other domain.)


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.