I deployed another domain name I had https://openproof.org - It's all working save for the dns/dnssec validation because I am using rebel.ca and I cannot add URI and TLSA records. I can switch this to desec.io, but I've decided to leave at rebel and implement a -dnstxt verification option, where a domain owner can add the TXT records and have them verified. I know this might not be considered the most secure option, but for mass adoption, this control is likely just fine for commerical operators. I should have the script done by end of day today, or tomorrow.
I deployed another domain name I had https://openproof.org - It's all working save for the dns/dnssec validation because I am using rebel.ca and I cannot add URI and TLSA records. I can switch this to desec.io, but I've decided to leave at rebel and implement a -dnstxt verification option, where a domain owner can add the TXT records and have them verified. I know this might not be considered the most secure option, but for mass adoption, this control is likely just fine for commerical operators. I should have the script done by end of day today, or tomorrow.