Wildcard + dns-01 + Namecheap

In the blog post Wildcard Certificates Coming January 2018 it is stated that

We will initially only support base domain validation via DNS for wildcard certificates

I have a problem. My DNS host/registrar is Namecheap. They don’t appear to have a solid understanding of security, as you cannot just insert or update a single record for a selected domain/subdomain. If you want to create or update a single TXT record for one subdomain, you will also need to send ALL the records for that domain (all records of all subdomains). So, in order for Certbot to create a temporary TXT record, it will have to write all MX records of all subdomains, all IP and CNAME records for all subdomains, twice.

This is absolutely insane, and for me a no-go. This means that I cannot use DNS-01. Could you please also provide an alternative method from the beginning, or give me some information on how to deal with this issue? Updating all those 21 certificates is always something which makes me feel uneasy, and I know that a wildcard certificate will be a real blessing.

What can I do?

Thank you a lot for this service, it’s one of the best things that happened to the internet for a long time.
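The read-modify-write the post describes, as an added example that is not part of this thread or of Certbot: it builds the complete record list a replace-everything DNS API would require, adds (and later removes) the `_acme-challenge` TXT record, and refuses to proceed if any pre-existing record would be dropped. The provider HTTP call itself is left out, and the record shape and sample zone are constructed assumptions.

```python
"""Safe read-modify-write of a full DNS record set for a dns-01 challenge.

Added example, not Certbot or provider code. It assumes an API that only
accepts the complete record list (as the post describes for Namecheap).
Records are plain dicts with keys name/type/value/ttl; the sample zone is
constructed.
"""
from copy import deepcopy

CHALLENGE_LABEL = "_acme-challenge"


def _challenge_name(domain_label):
    """"@" is the zone apex; anything else is a subdomain label like "www"."""
    return CHALLENGE_LABEL if domain_label == "@" else f"{CHALLENGE_LABEL}.{domain_label}"


def with_challenge(records, domain_label, token):
    """Existing records plus the challenge TXT record, as a new list.

    A stale challenge record for the same label is replaced, so repeated
    renewals do not accumulate TXT records in the zone.
    """
    name = _challenge_name(domain_label)
    kept = [deepcopy(r) for r in records
            if not (r["type"] == "TXT" and r["name"] == name)]
    kept.append({"name": name, "type": "TXT", "value": token, "ttl": 60})
    return kept


def without_challenge(records, domain_label):
    """Cleanup step: drop the challenge TXT record and keep everything else."""
    name = _challenge_name(domain_label)
    return [deepcopy(r) for r in records
            if not (r["type"] == "TXT" and r["name"] == name)]


def check_no_loss(before, after):
    """Return the pre-existing records that 'after' would silently delete.

    Because the API replaces the whole zone, a truncated read followed by a
    write would erase MX/A/CNAME records; submit only if this returns [].
    """
    def key(r):
        return (r["name"], r["type"], r["value"])
    present = {key(a) for a in after}
    return [r for r in before
            if key(r) not in present and not r["name"].startswith(CHALLENGE_LABEL)]


SAMPLE_ZONE = [  # constructed sample zone, RFC 5737 addresses
    {"name": "@", "type": "A", "value": "192.0.2.10", "ttl": 1800},
    {"name": "www", "type": "CNAME", "value": "example.com.", "ttl": 1800},
    {"name": "@", "type": "MX", "value": "10 mail.example.com.", "ttl": 1800},
    {"name": "mail", "type": "A", "value": "192.0.2.25", "ttl": 1800},
]
```

A Certbot auth hook would call `with_challenge` with the zone read from the provider and submit only when `check_no_loss` is empty; the cleanup hook submits `without_challenge`.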

I think that someone is working on adding Namecheap support to the lexicon tool, which can be used to automate handling of DNS-01 challenge records. There is an open pull request for that: https://github.com/AnalogJ/lexicon/pull/135

So I guess by January 2018 you should be fine :wink:
