Hi all, I normally use the HTTP challenge, but a customer has a question about a wildcard certificate.
I have never done this so I'm trying to make a plan.
The customer hosts his DNS somewhere else. I can ask him to create a DNS record to authenticate the parent domain.
But, my question is, will this DNS record remain valid forever? Or do they need to update the DNS record at every renewal (60 days)?
Thanks!
3 Likes
Yes, each time the DNS challenge changes. However, DNS challenges will follow CNAMEs.
So one good (and common) solution here is to have your customer add a _acme-challenge record as a CNAME to a DNS server which you do control and can then update when renewing certificates.
10 Likes
Thank you! And the CNAME trick is very clever.
7 Likes
Here's a document with more information about "the CNAME trick":
If you work at a hosting provider or CDN, ACME’s DNS-01 validation method can make it a lot easier to onboard new customers who have an existing HTTPS website at another provider. Before your new customer points their domain name at your servers, you...
7 Likes
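The delegation described in the replies above, sketched as an added example that is not part of the original thread: it builds the one-time CNAME the customer creates and the TXT record the certificate operator replaces at each renewal. The zone `acme.provider.example`, the `<customer-domain>.<zone>` naming, the TTL, the tokens and the thumbprint are constructed assumptions.

```python
import base64
import hashlib


def challenge_name(identifier: str) -> str:
    """DNS-01 validation name. A wildcard is validated at its base domain."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower()


def txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.4: unpadded base64url of SHA-256(token "." thumbprint)."""
    key_auth = f"{token}.{thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_auth).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def delegated_name(identifier: str, provider_zone: str) -> str:
    """Target of the CNAME inside the zone the certificate operator controls.
    The <customer-domain>.<provider_zone> layout is an assumption."""
    base = challenge_name(identifier)[len("_acme-challenge."):]
    return f"{base}.{provider_zone}"


def customer_cname(identifier: str, provider_zone: str) -> str:
    """Record the customer adds once; it does not change between renewals."""
    target = delegated_name(identifier, provider_zone)
    return f"{challenge_name(identifier)}. IN CNAME {target}."


def provider_txt(identifier: str, provider_zone: str,
                 token: str, thumbprint: str) -> str:
    """Record the operator rewrites for every new challenge (TTL 60 assumed)."""
    name = delegated_name(identifier, provider_zone)
    return f'{name}. 60 IN TXT "{txt_value(token, thumbprint)}"'


if __name__ == "__main__":
    ZONE = "acme.provider.example"                # constructed
    THUMB = "constructed-account-key-thumbprint"  # constructed
    print(customer_cname("*.example.com", ZONE))
    for token in ("constructed-token-renewal-1", "constructed-token-renewal-2"):
        print(provider_txt("*.example.com", ZONE, token, THUMB))
```

The CNAME line is identical across renewals, while the TXT value differs for each token, which is why only the delegated zone needs automated updates.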
Topic closed August 12, 2022, 4:41pm.