Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
3.68k stars 511 forks

Letsencrypt DNS challenge #6083

Closed rossmarkflo closed 1 month ago

rossmarkflo commented 1 month ago

Is your feature request related to a problem? Please describe.
Add Letsencrypt DNS challenge

Describe the solution you'd like
Letsencrypt allows DNS challenging for certificate issuing. This actually can be done with a whole bunch of providers - a good example is the list that e.g. the open source project Proxmox Mail Gateway is using - there is a whole bunch of providers in the list.

This does nothing else than updating the provider DNS record and confirming this by Letsencrypt.

Advantage - no additional open port 80 needed and a more flexible approach.

BE AWARE - I actually found out that just recently GoDaddy restricted their DNS API brutally - making it completely unavailable for most customers. Most other providers remain normal on this.

Implementing the DNS API could also allow an automatic DNS record update for a dynamic IP address server - a DNS record could also be kept alive - this would be the perfect world solution.

Describe alternatives you've considered
HTTP not feasible in my case and actually would be just another open door to the system

Additional context
https://letsencrypt.org/docs/challenge-types/

si458 commented 1 month ago

Duplicate of a closed issue: https://github.com/Ylianst/MeshCentral/issues/5892
We won't be looking to implement DNS Let's Encrypt at the moment due to its complexity of looking after every different DNS provider! Best thing is to use a reverse proxy like nginx or traefik and let them handle the DNS verify for you.