Status of CNAME alias support in Certbot?

Don’t forget that whether or not the RFC2136 plugin follows CNAMEs (it doesn’t look like it to me right now, but I’m not 100% sure), you can always perform the same task with a simple Certbot authentication hook.

For example:

/root/auth.sh

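#!/usr/bin/env bash
# Certbot manual hook: adds or removes the DNS-01 TXT record with nsupdate (RFC 2136).

RFC2136_SERVER="127.0.0.1"
# The record that the _acme-challenge names of the certificate's domains are CNAMEd to.
RECORD_TO_UPDATE="_acme-challenge.cname-example.com"

case "$1" in
  auth)
    # Certbot sets CERTBOT_VALIDATION; the trailing blank line tells nsupdate to send.
    echo -e "server ${RFC2136_SERVER}\nupdate add ${RECORD_TO_UPDATE}. 1 TXT ${CERTBOT_VALIDATION}\n\n"  | nsupdate
    # Wait for the record to be served before Certbot asks the CA to validate.
    sleep 10
    ;;
  cleanup)
    # Removes every TXT record at that name.
    echo -e "server ${RFC2136_SERVER}\nupdate delete ${RECORD_TO_UPDATE}. TXT\n\n"  | nsupdate
    ;;
esac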

may be combined with:

certbot certonly --manual --manual-auth-hook "/root/auth.sh auth" \
--manual-cleanup-hook "/root/auth.sh cleanup" --preferred-challenges dns \
-d points-to-cname.com -d also.points-to-cname.com
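
A variant of the hook above, added here as an example and not the poster's script: it follows the CNAME from `_acme-challenge.<domain>` with `dig` instead of hard-coding the record, rejects any validation value or record name that could inject extra lines into the nsupdate batch, signs the update with a TSIG key, and on cleanup deletes only its own TXT value. The function names, the 8-hop limit and the key file path placeholder are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the original poster's script.
LC_ALL=C   # byte-wise character ranges in the patterns below
RFC2136_SERVER="${RFC2136_SERVER:-127.0.0.1}"
TSIG_KEYFILE="${TSIG_KEYFILE:-/path/to/tsig.key}"   # placeholder path (assumption)

# One CNAME hop via dig; prints the target without its trailing dot, or nothing.
lookup_cname() { dig +short CNAME "$1" | head -n1 | sed 's/\.$//'; }

# Follow CNAMEs from _acme-challenge.<domain>; give up after 8 hops (loop guard).
resolve_challenge_name() {
  local name="_acme-challenge.$1" next hops=0
  while next="$(lookup_cname "$name")" && [ -n "$next" ]; do
    hops=$((hops + 1))
    [ "$hops" -le 8 ] || return 1
    name="$next"
  done
  printf '%s\n' "$name"
}

# A DNS-01 value is a base64url SHA-256 digest: exactly 43 chars of [A-Za-z0-9_-].
valid_token() {
  [ "${#1}" -eq 43 ] || return 1
  case "$1" in *[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Hostname characters only, so a lookup result cannot smuggle in extra commands.
valid_name() {
  [ -n "$1" ] && [ "${#1}" -le 253 ] || return 1
  case "$1" in *[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Print the nsupdate batch for "auth" or "cleanup"; fail closed on bad input.
build_update() {
  local action="$1" record="$2" token="$3"
  valid_name "$record" && valid_token "$token" || return 1
  case "$action" in
    auth)    printf 'server %s\nupdate add %s. 1 TXT "%s"\nsend\n' "$RFC2136_SERVER" "$record" "$token" ;;
    cleanup) printf 'server %s\nupdate delete %s. TXT "%s"\nsend\n' "$RFC2136_SERVER" "$record" "$token" ;;
    *)       return 1 ;;
  esac
}

# Runs only when Certbot invokes the hook (it sets CERTBOT_DOMAIN).
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
  record="$(resolve_challenge_name "$CERTBOT_DOMAIN")" || exit 1
  batch="$(build_update "$1" "$record" "${CERTBOT_VALIDATION:-}")" || exit 1
  printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEYFILE" || exit 1
  [ "$1" != auth ] || sleep 10   # same propagation wait as the script above
fi
```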