Hi, I’m working on a project to make some zones with various intentional DNSSEC failures in order to learn how to properly test for DNSSEC validation support in Python (working on a project where a working DNSSEC enforcing resolver running on localhost is important).
While not absolutely necessary, I’d like to run corresponding websites so people can test their browsers.
With DNSSEC failures, Let’s Encrypt won’t be able to verify the IP address but the parent zone will NOT have DNSSEC errors and is under my control.
So in theory, could I get a L.E. wildcard for *.dnnsec.icu and have it work where the subdomains in the * are actually in a delegated child zone - or is that against certificate issuance policy for wildcard certificates?
That lists what I am doing with the delegated zones.
Thanks, I didn’t think there would be a way for certbot to check to see if delegations exist but if there is a policy against it, I do not want to violate that.