Verification via e-mail

Help
#1

Hello all,

I would like to ask you if i get certification validation via e-mail

the screen I get while verification is

===================================

Please deploy a DNS TXT record under the name:

_acme-challenge.domain.gr.

with the following value:

**************** any token **************************

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: Dig (DNS lookup).domain.gr.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

Press Enter to Continue

but I am not the owner of domain and I would prefer the DNS TEXT ant the token to be sent to the owner for the validation. The command I use is

certbot certonly --csr domain.gr.csr --manual --preferred-challenges dns -d domain.gr

Is it possible to select e-mail validation method?

Thank you in advance

1 Like
#2

Let's Encrypt do not offer domain validation via email. You need to use either http validation or DNS validation.

Your example is currently using DNS validation, so create the required TXT record in your DNS then proceed. If you cannot do that then use http validation.

3 Likes
#4

Well, that's going to be a problem.
LE can't issue certificates without some "proof of ownership" (or "control").
See the first paragraph: Getting Started - Let's Encrypt

2 Likes
#5

Thank you for your response,

about http validation how can I proceed since I am not a DNS admin, i just run the procedure as intermediate for issue certificaion?

1 Like
#6

Do you have access to the web server?

1 Like
#7

Unfortunately no, do you know for how long is the token valid, I think i have to be in touch with the owner?

#8

LE certificates are issued for 90 days.
Normally, an ACME client is installed (like the certbot you are using) and it is configured to automatically renew the certificate thereafter.

2 Likes
#9

So if you don't own the domain, you don't have control over the DNS, and you don't control the web server, why are you trying to get a cert for the domain? That's something that should be done by the domain owner or administrator, which it doesn't sound like you are.

5 Likes
#10

I just only tried to issue the certificate for an other owner's service, if there was a verification via e-mail I think the procedure would be more convenient for such cases.

#11

Cool, so if I'd use my example@gmail.com email address, I would be able go get a certificate for gmail.com? :smiley:

1 Like
#12

This sounds exactly like something you should not be able to do.

...and therefore this sounds like a good reason to not implement it.

5 Likes
#13

I don't mean this. There are certification agents where use e-mail with info included where domain owner can use that in order to proceed with verification.

#14

And you're such a domain owner? Just curious if that would even help your situation :slight_smile:

1 Like
#15

No, I am not a domain owner.

#16

While many CAs offer email validation, it has historically been one of the less reliable methods of domain verification. Thus Let’s Encrypt chooses not to support it.

5 Likes
#17

Then how would such an email come into your possession?

2 Likes
#18

I declare owner's e-mail address, I did not get any e-mail, the e-mail went to the domain owner.

#19

Then I'm puzzled how you'd gain from a validation method using email. If the domain owner is still the one getting the email, instead of you, you could just as easily just ask the domain owner to add the appropriate TXT record, right?

3 Likes
#20

Correct, but if you have to add a long text token it is easier when a e-mail goes directly to the owner.

#21

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.