When using DNS challenge, do I have to rotate secrets every renewal?

Hi all, I normally use HTTP challenge, but a customer has a question about a wildcard certificate.

I have never done this so I'm trying to make a plan.

The customer hosts his DNS somewhere else. I can ask him to create a DNS record to authenticate the parent domain.

But, my question is, will this DNS record remain valid forever? Or do they need to update the DNS record at every renewal (60 days)?

Thanks!

3 Likes

Yes, the DNS challenge changes each time. However, DNS challenges will follow CNAMEs.

So one good (and common) solution here is to have your customer add a _acme-challenge record as a CNAME to a DNS server which you do control and can then update when renewing certificates.

10 Likes
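To make the CNAME delegation concrete, here is an added example (written for this page, not code from the thread or from any ACME client) that models what the CA's validator sees over two renewals. All names, the account thumbprint and the tokens are constructed: the customer's zone holds only the one-time `_acme-challenge` CNAME, the provider's zone holds the TXT record that gets rewritten at each renewal, and the expected TXT value is computed as RFC 8555 specifies for dns-01. The resolver here is a dictionary stand-in; a real CA also queries authoritative servers and validates DNSSEC, which this toy does not.

```python
import base64
import hashlib

# Constructed sample data (not from the thread): an ACME account thumbprint and
# two challenge tokens standing in for two successive renewals.
ACCOUNT_THUMBPRINT = "constructed-account-thumbprint"
RENEWAL_TOKENS = ["constructed-token-renewal-1", "constructed-token-renewal-2"]

CUSTOMER_DOMAIN = "customer.example"
# Name in the zone the certificate provider controls (constructed).
DELEGATION_TARGET = "_acme-challenge.customer.example.acme.provider.example."


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """TXT value the validator expects (RFC 8555 section 8.4):
    base64url, without padding, of SHA-256(token + "." + account thumbprint)."""
    key_authorization = f"{token}.{thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def lookup(zones, name, rtype):
    """Return the records of one type at a name, searching every zone we can see."""
    for zone in zones:
        records = zone.get((name.lower(), rtype))
        if records is not None:
            return records
    return None


def resolve_txt(zones, name, max_hops=8):
    """Follow CNAMEs the way the validator's resolver does, then read the TXT
    records at the final name. Returns (final_name, list_of_txt_values)."""
    for _ in range(max_hops):
        target = lookup(zones, name, "CNAME")
        if not target:
            break
        name = target[0]
    else:
        raise ValueError("CNAME chain too long, refusing to loop")
    return name, (lookup(zones, name, "TXT") or [])


def validate_dns01(zones, domain, token, thumbprint):
    """What the CA does: query _acme-challenge.<domain> and look for the expected value."""
    _, values = resolve_txt(zones, f"_acme-challenge.{domain}.")
    return dns01_txt_value(token, thumbprint) in values


def simulate_renewals():
    """Walk through two renewals. The customer's CNAME is created once; only the
    provider's TXT record changes. Returns, per renewal,
    (valid_before_txt_update, valid_after_txt_update)."""
    customer_zone = {
        (f"_acme-challenge.{CUSTOMER_DOMAIN}.", "CNAME"): [DELEGATION_TARGET],
    }
    provider_zone = {}
    zones = [customer_zone, provider_zone]
    results = []
    for token in RENEWAL_TOKENS:
        before = validate_dns01(zones, CUSTOMER_DOMAIN, token, ACCOUNT_THUMBPRINT)
        # Renewal work happens entirely in the zone the provider controls:
        # the stale value from the previous renewal is overwritten.
        provider_zone[(DELEGATION_TARGET, "TXT")] = [
            dns01_txt_value(token, ACCOUNT_THUMBPRINT)
        ]
        after = validate_dns01(zones, CUSTOMER_DOMAIN, token, ACCOUNT_THUMBPRINT)
        results.append((before, after))
    # The customer's zone was never touched after the initial CNAME.
    assert customer_zone == {
        (f"_acme-challenge.{CUSTOMER_DOMAIN}.", "CNAME"): [DELEGATION_TARGET]
    }
    return results


if __name__ == "__main__":
    for i, (before, after) in enumerate(simulate_renewals(), start=1):
        print(f"renewal {i}: valid before TXT update={before}, after={after}")
```

Each renewal fails validation until the provider publishes the new TXT value and succeeds afterwards, while the customer's CNAME stays as it was created; that is the whole point of the delegation. The hop limit in `resolve_txt` is there because a CNAME pointing back at itself would otherwise loop forever.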

Thank you! :slight_smile: And the CNAME trick is very clever.

7 Likes

Here's a document with more information about "the CNAME trick":

7 Likes
