gregtwallace / certwarden

Cert Warden is a centralized ACME Client. It provides an API for certificate consumers to fetch their individual keys and certs with API keys.
https://www.certwarden.com/

Provider selection should select longest matching domain #40

Closed ruifung closed 6 months ago

ruifung commented 6 months ago

For example, I have domain.example which is using the cloudflare provider, but subdomain.domain.example is delegated to a local nameserver (via NS records) which is configured with the shell provider to perform updates using RFC2136.

I have observed legocerthub using the cloudflare provider instead of the shell provider to perform its validations. This results in the validation stalling indefinitely because, as the subdomain is delegated via NS records, the TXT records set on cloudflare are non-resolvable.

In this case, I believe it should select the provider with the longest matching domain as that will be the zone the records should be inserted to.

gregtwallace commented 6 months ago

I had not considered such a use case, but this should be pretty easy to adjust.
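
A sketch of the longest-match selection requested in this issue, as an added example that is not Cert Warden's own code. `Provider`, `normalize` and `SelectProvider` are hypothetical names, and treating a `*` entry as a catch-all is an assumption. Matching is done on label boundaries, so `notdomain.example` does not match `domain.example`.

```go
package main

import (
	"fmt"
	"strings"
)

// Provider is a hypothetical stand-in for a DNS-01 provider and the zones it serves.
type Provider struct {
	Name    string
	Domains []string // zone names; "*" marks a catch-all (assumed convention)
}

// normalize lowercases a DNS name and strips one trailing root dot.
func normalize(name string) string {
	return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(name), "."))
}

// SelectProvider returns the provider whose configured domain is the longest
// label-aligned suffix of fqdn. A "*" entry wins only when nothing else matches.
func SelectProvider(providers []Provider, fqdn string) (string, bool) {
	name := normalize(fqdn)
	best, bestLen, found := "", -1, false
	for _, p := range providers {
		for _, d := range p.Domains {
			zone := normalize(d)
			matchLen := -1 // -1 means this entry does not cover the name
			if zone == "*" {
				matchLen = 0
			} else if zone != "" && (name == zone || strings.HasSuffix(name, "."+zone)) {
				matchLen = len(zone)
			}
			if matchLen > bestLen {
				best, bestLen, found = p.Name, matchLen, true
			}
		}
	}
	return best, found
}

func main() {
	// Constructed configuration mirroring the setup described in the issue.
	providers := []Provider{
		{Name: "cloudflare", Domains: []string{"domain.example"}},
		{Name: "shell", Domains: []string{"subdomain.domain.example"}},
	}
	p, _ := SelectProvider(providers, "_acme-challenge.host.subdomain.domain.example")
	fmt.Println(p)
}
```

The result does not depend on the order in which providers are listed, which is what keeps the delegated subdomain from being handled by the parent zone's provider.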