Why so complex?
First I would like to thank all the hardworking souls who made all this possible.

I have a question for my own education. Why is the process to issue and renew a certificate so complex? Isn’t the ability to put a secret message in say a TXT record in DNS proof of domain ownership?

Why is the process Apache or nginx dependent?

That already exists, it’s called the dns-01 challenge.

It isn’t. But Apache and nginx are the most used webservers in *nix-land and therefore perfect candidates for automated plugin development.
You don’t need Apache or nginx. You only need to comply with one of the (currently) two “challenge” methods, of which one uses HTTP for the retrieval of the challenge (http-01). The EFF client certbot can spin up its own webserver to do that, so no Apache or nginx needed. However, if you already run a webserver like Apache or nginx, most of the time there’s no reason not to use that webserver you’ve already got in place.
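To make the two challenge types concrete, here is an added worked example (not from this thread, and not certbot's or Let's Encrypt's code) of what a client has to publish for http-01 and dns-01 and what the validating side compares it against, following RFC 8555 and the JWK thumbprint of RFC 7638. The function names are my own, and the account key coordinates and the token are constructed placeholders rather than a real key or a CA-issued token.

```python
import base64
import hashlib
import hmac
import json
from typing import Tuple


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE and ACME require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over only the required public members,
    serialised with keys in lexicographic order and no whitespace.
    Optional members such as "use" or "kid" never enter the digest."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: the CA-issued token joined to the account key
    thumbprint. Including the thumbprint is what ties the proof to this
    particular ACME account rather than to whoever can see the token."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_response(token: str, account_jwk: dict) -> Tuple[str, str]:
    """http-01 (RFC 8555 section 8.3): returns (URL path, body). The CA fetches
    the path over plain HTTP on port 80 and expects the key authorization."""
    path = f"/.well-known/acme-challenge/{token}"
    return path, key_authorization(token, account_jwk)


def dns01_record(domain: str, token: str, account_jwk: dict) -> Tuple[str, str]:
    """dns-01 (RFC 8555 section 8.4): returns (record name, TXT value). The TXT
    value is the base64url SHA-256 digest of the key authorization, not the
    raw key authorization string."""
    ka = key_authorization(token, account_jwk)
    digest = hashlib.sha256(ka.encode("ascii")).digest()
    return f"_acme-challenge.{domain}", b64url(digest)


def verify_http01(received_body: str, token: str, account_jwk: dict) -> bool:
    """What the validating side does with the fetched body: exact, constant-time
    comparison against the expected key authorization. RFC 8555 allows the
    server to ignore trailing whitespace, which is the only normalisation here."""
    expected = key_authorization(token, account_jwk).encode("ascii")
    return hmac.compare_digest(received_body.rstrip().encode("utf-8"), expected)


# Constructed sample inputs: placeholder P-256 coordinates (not a real key)
# and a made-up token of the shape a CA would issue.
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
    "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
    "use": "sig",  # optional member; must not affect the thumbprint
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

if __name__ == "__main__":
    path, body = http01_response(SAMPLE_TOKEN, SAMPLE_JWK)
    print("http-01: serve", path, "with body", body)
    name, value = dns01_record("example.com", SAMPLE_TOKEN, SAMPLE_JWK)
    print("dns-01: publish TXT", name, "=", value)
```

Two things the example makes visible that the prose does not: the DNS value is a digest of the key authorization, so an on-path observer of the TXT record cannot reuse it for a different account key, and the http-01 body is compared exactly (apart from trailing whitespace), so a webserver that rewrites or decorates the response will fail validation.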