- Take the public key of the account and build the SHA-1 of it. (Maybe later SHA-256.)
- Create a TXT record sha1-dns-02-acme-challenge for the domain with the Base64 content of the hash.
sha1-dns-02-acme-challenge.example.com. 300 IN TXT "gfj9Xq…Rg85nM"
Improvements over dns-01:
a) It allows wildcard entries, so that the user does not need to change the DNS for each FQDN.
b) As long as the account key is the same, the approval is the same.
This is analogous to placing an HTML page containing an authorization token on the web server, like Google uses it for webmaster info access. We do not need the random factor to prevent replay, as long as we bind the authorization to the account key.
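As an added illustration (my own code, not part of the proposal above), this Python models both sides of the proposed challenge: the static TXT value an account holder publishes and the check a CA would run against it, including why a single DNS wildcard record can serve every host. The account key bytes, the zone and the toy resolver are constructed for the example; the resolver skips the closest-encloser rule of real DNS wildcards.

```python
import base64
import hashlib


def challenge_value(account_pubkey: bytes, alg: str = "sha1") -> str:
    """Base64 of the digest of the account public key: the static TXT content.
    'alg' is the digest named in the proposal (sha1 now, sha256 later)."""
    return base64.b64encode(hashlib.new(alg, account_pubkey).digest()).decode("ascii")


def record_name(fqdn: str, alg: str = "sha1") -> str:
    """Owner name the CA queries: <alg>-dns-02-acme-challenge.<fqdn>."""
    return f"{alg}-dns-02-acme-challenge.{fqdn.strip('.')}."


def lookup_txt(zone: dict, name: str) -> list:
    """Constructed toy resolver over a {owner: [txt, ...]} zone.
    Exact match first, then DNS wildcard synthesis: an owner '*.parent.' answers
    for any deeper name below parent (closest-encloser rule omitted)."""
    if not name.endswith("."):
        name += "."
    if name in zone:
        return zone[name]
    labels = name.split(".")          # trailing "" comes from the final dot
    for i in range(1, len(labels) - 1):
        wild = "*." + ".".join(labels[i:])
        if wild in zone:
            return zone[wild]
    return []


def validate(zone: dict, fqdn: str, account_pubkey: bytes, alg: str = "sha1") -> bool:
    """CA-side check: a TXT at the challenge name must equal the expected value."""
    return challenge_value(account_pubkey, alg) in lookup_txt(zone, record_name(fqdn, alg))


# Constructed sample: stand-in bytes for the account's public key (DER in practice).
ACCOUNT_KEY = b"-----constructed sample account public key-----"
OTHER_KEY = b"-----some other account's public key-----"

# Constructed zone: one wildcard TXT at example.com covers every host beneath it,
# which a per-FQDN random token (dns-01) cannot do because each value differs.
ZONE = {
    "*.example.com.": [challenge_value(ACCOUNT_KEY)],
}

if __name__ == "__main__":
    for host in ("www.example.com", "mail.example.com", "example.org"):
        print(host, validate(ZONE, host, ACCOUNT_KEY))
```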