Closed rossmarkflo closed 1 month ago
Duplicate of a closed issue https://github.com/Ylianst/MeshCentral/issues/5892. We won't be looking to implement DNS Let's Encrypt at the moment due to its complexity of looking after every different DNS provider! Best thing is to use a reverse proxy like nginx or traefik and let them handle the DNS verify for you.
Is your feature request related to a problem? Please describe. Add Let's Encrypt DNS challenge
Describe the solution you'd like Let's Encrypt allows DNS challenging for certificate issuing. This actually can be done with a whole bunch of providers - a good example is the list that e.g. the open source project Proxmox Mail Gateway is using - there is a whole bunch of providers in the list.
This does nothing else than updating the provider DNS record and confirming this by Let's Encrypt.
Advantage - no additional open port 80 needed and a more flexible approach.
BE AWARE - I actually found out that just recently GoDaddy restricted their DNS API brutally - making it completely unavailable for most customers. Most other providers remain normal on this.
Implementing the DNS API could also allow an automatic DNS record update for a dynamic IP address server - a DNS record could also be kept alive - this would be the perfect world solution.
Describe alternatives you've considered HTTP not feasible in my case and actually would be just another open door to the system
Additional context https://letsencrypt.org/docs/challenge-types/