Let's Encrypt Free wildcard SSL

The same parameters you'd pass with creating certs without the CNAME method. But again, if you can't automatically make updates to the DNS records of the target domain, that method won't really help you.

That method is providing us a TXT value, so that TXT acme_challenge will automatically passed while we will use CNAME method ?

I don't think I quite understand your question, but it suggests that you don't understand what the "CNAME method" does. Here's how it works:

  • You create a CNAME record pointing, e.g., _acme-challenge.livesem.co.il to a097455b-52cc-4569-90c8-7a4b97c6eba8.auth.example.org.
  • You request a cert using DNS validation, and certbot gives you a string that must be entered in a TXT record--let's say that string is ___validation_token_received_from_the_ca___.
  • You create a TXT record of a097455b-52cc-4569-90c8-7a4b97c6eba8.auth.example.org TXT ___validation_token_received_from_the_ca___.
  • To validate your domain control, Let's Encrypt looks for the TXT record at _acme-challenge.livesem.co.il. They don't find the TXT record, but they find the CNAME record.
  • Let's Encrypt then looks for the TXT record for a097455b-52cc-4569-90c8-7a4b97c6eba8.auth.example.org. They find the appropriate value, so domain control is validated, and they issue the cert.
  • You delete the TXT record.
1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.