Open eldos-dl opened 2 years ago
I tried to implement DNS challenge twice maybe. Ultimately I found it not very practical for this project. If HTTPS-PORTAL doesn't use DNS providers' APIs to automatically update DNS records, the process for the users will be cumbersome and not scalable at all. If HTTPS-PORTAL requires manual intervention, it defeats the purpose of providing a "spin-up-and-forget" type of solution.
I recommend you look at ACME.sh and manually set up your Nginx for it. Feel free to take some Nginx configuration from this project!
It would be a great feature.
We're using https-portal as reverse-proxy + letsencrypt in our infrastructure services behind the Cloudflare WAF. Now updating certificates causes pain - we need to turn off the WAF, update certificates and turn on the WAF again.
I love the ease of configuration of https-portal. My use case is the infrastructure behind WireGuard and the "A" entry resolving to 192.168.0.x. But probably I have to do the setup manually...
Hope someone finds the solution for this; we are trying but are still not able to get certs behind a VPN.
Probably, this isn't the solution you are looking for, but I migrated to Traefik, which supports the DNS challenge and wildcard certificates.
Looking for a way to integrate verification of the domain using the DNS-01 challenge.
Use case: Need to keep the server behind a firewall, which is accessible through specific whitelisted IPs. Let's Encrypt does not provide any list of IPs that it uses for validation.