Revisit: Create certificate for a domain that is located on a different host

This may be “help”, but based upon some searching I suspect it to be a feature request. I found a number of threads where this feature was sought, but no answer listed which quite fits what I’m seeking.

I’d continue one of those threads, but they’re all closed.

This is the occasionally-described request for the ability to generate a certificate for use on a web server that does not yet host the website. There have been a few different proposed solutions, the closest of which - at least for us - would appear to be using “--manual --preferred-challenges dns”.

But this has one crucial problem: the sequence of events is fairly atomic. The script is run, the token is provided, and the script then waits while the token is added to the domain. In our most common case, the addition of the token will be accomplished by someone else. There will therefore be a delay, possibly of days. Leaving the script paused seems impractical (even if it doesn’t eventually time out).

I’m looking more for something like the authorization proof that Google uses, where the token can be provided by a first invocation of the script with a subsequent invocation - perhaps days later - triggering the test for that token in the domain.

I understand that this may be nontrivial in that it may require a new “table” of persistent storage.

But is this something that might occur? Or is this something that some alternative client may already be providing?

Thanks.

acme.sh lets you do that:

There could be others. There is an open feature request for certbot, though:
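
The two-invocation flow asked about in this thread, as an added sketch that is not part of any post and is not acme.sh or certbot code: the first call computes the DNS-01 TXT record (RFC 8555, section 8.4) and saves the pending challenge to disk; the second call, run later, checks the authorization expiry and the published record before the CA is asked to validate. The function names, state file layout, `lookup_txt` callback and the sample token and thumbprint are assumptions constructed for illustration.

```python
import base64, hashlib, json
from datetime import datetime, timezone

def dns01_txt_value(token, thumbprint):
    # RFC 8555 8.4: TXT value = base64url(SHA-256(token "." account-key thumbprint))
    digest = hashlib.sha256(f"{token}.{thumbprint}".encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def begin(state_path, domain, token, thumbprint, expires):
    """First invocation: persist the pending challenge, return the record to hand off."""
    # A wildcard name is validated on its base domain.
    name = "_acme-challenge." + domain.removeprefix("*.")
    state = {"domain": domain, "name": name,
             "value": dns01_txt_value(token, thumbprint),
             "expires": expires}  # 'expires' as reported by the CA for the authorization
    # No private key material is stored, only values that become public in DNS.
    with open(state_path, "w") as f:
        json.dump(state, f)
    return name, state["value"]

def resume(state_path, lookup_txt, now):
    """Later invocation: 'expired', 'waiting' or 'ready' (safe to trigger validation)."""
    with open(state_path) as f:
        state = json.load(f)
    if now >= datetime.fromisoformat(state["expires"]):
        return "expired"   # the token is dead; a new order and a new TXT value are needed
    if state["value"] not in lookup_txt(state["name"]):
        return "waiting"   # do not trigger validation yet; a failed attempt voids the challenge
    return "ready"

if __name__ == "__main__":
    # Constructed sample values; a real client gets the token and expiry from the CA.
    name, value = begin("pending.json", "example.com", "constructed-token",
                        "constructed-thumbprint", "2030-01-08T00:00:00+00:00")
    print(f'Ask the DNS admin to publish: {name} TXT "{value}"')
    published = {}                      # stand-in for a real DNS lookup
    lookup = lambda n: published.get(n, [])
    now = datetime(2030, 1, 5, tzinfo=timezone.utc)
    print(resume("pending.json", lookup, now))   # record not published yet
    published[name] = [value]
    print(resume("pending.json", lookup, now))   # record visible, within expiry
```

The delay the DNS administrator needs has to fit inside the authorization's expiry, which is why the state file keeps it.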
