icing / mod_md

Let's Encrypt (ACME) in Apache httpd
https://icing.github.io/mod_md/
Apache License 2.0

MDChallengeDns01 is not allowed inside an '<MDomainSet' context #305

Closed bilhackmac closed 1 year ago

bilhackmac commented 1 year ago

Hi.

I have been using mod_md for a while now and I recently wanted to switch from per-subdomain certificates to a wildcard certificate, but I'm facing a config problem.

I made my own DNS providers scripts acme-dns01-ovh and acme-dns01-cloudflare.

Here is my md.conf file:

MDStoreDir ${HTTPD_CONFDIR}/md
MDStoreLocks On
MDCertificateAgreement accepted
MDContactEmail "${HTTPD_ADMIN_MAIL}"
MDPrivateKeys secp256r1 rsa4096
MDRenewWindow 25d
MDWarnWindow 15d
MDPortMap http:${HTTP_PORT} https:${HTTPS_PORT}

# OCSP
MDStapling On
MDMustStaple On

And my vhosts (MDomain part):

<MDomain *.exemple1.com>
    MDMembers manual
    MDMember *.exemple1.com
    MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
    MDChallengeDns01 bin/acme-dns01-ovh
    MDRequireHttps permanent
</MDomain>

<MDomain *.exemple2.com>
    MDMembers manual
    MDMember *.exemple2.com
    MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
    MDChallengeDns01 bin/acme-dns01-cloudflare
    MDRequireHttps permanent
</MDomain>

httpd -t returns: MDChallengeDns01 is not allowed inside an '<MDomainSet' context

How can I set up the MDChallengeDns01 directive per handled domain?

icing commented 1 year ago

MDChallengeDns01 is a global directive, to be set only once for the whole server.

bilhackmac commented 1 year ago

Is it conceivable to update mod_md to allow an MDChallengeDns01 directive per domain? Not all domains are handled by the same DNS providers.

Sure, I can set MDChallengeDns01 to a routing script, but it's less maintainable for large domain sets.
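The routing-script workaround mentioned above, as an added example that is neither mod_md code nor the reporter's own script: a POSIX sh front-end for MDChallengeDns01 that picks a per-provider script by matching the domain against an embedded zone table and then hands the unchanged arguments to it. It assumes the mod_md calling convention `setup <domain> <challenge-value>` / `teardown <domain>` with a non-zero exit meaning failure, that a leading `*.` may be present and is stripped, and a hypothetical MD_DNS01_SCRIPT_DIR location for the provider scripts.

```shell
#!/bin/sh
# Routing front-end for MDChallengeDns01 (added example, not mod_md code).
# mod_md is assumed to call it as
#   <script> setup <domain> <challenge-value>   (create the TXT record)
#   <script> teardown <domain>                   (remove it again)
# and to treat a non-zero exit status as a failed challenge.
set -eu

# Where the real per-provider scripts live (hypothetical location).
SCRIPT_DIR="${MD_DNS01_SCRIPT_DIR:-/etc/httpd/bin}"

# Routing table, one "zone provider-script" pair per line (constructed
# sample matching the two vhosts from the issue). List more specific
# zones before their parents: the first match wins.
ROUTES='
exemple1.com acme-dns01-ovh
exemple2.com acme-dns01-cloudflare
'

# Print the provider script for a domain; fail if no zone matches. A leading
# "*." is stripped so a wildcard name routes by its base zone, and a hostname
# below a zone (www.exemple1.com) matches that zone.
provider_for_domain() {
    d=${1#\*.}
    while read -r zone script; do
        [ -n "$zone" ] || continue
        case "$d" in
            "$zone"|*."$zone") printf '%s\n' "$script"; return 0 ;;
        esac
    done <<EOF
$ROUTES
EOF
    return 1
}

# Validate the argument shape mod_md uses, pick the provider, then exec it
# with the unchanged arguments so its exit status is reported to mod_md.
route() {
    case "${1:-}:$#" in
        setup:3|teardown:2) ;;
        *) echo "usage: $0 setup <domain> <value> | teardown <domain>" >&2; return 2 ;;
    esac
    script=$(provider_for_domain "$2") ||
        { echo "no dns-01 provider configured for $2" >&2; return 1; }
    exec "$SCRIPT_DIR/$script" "$@"
}

# Dispatch only when invoked with arguments, so the file can also be sourced
# (e.g. for testing) without running anything.
[ "$#" -eq 0 ] || route "$@"
```

Point MDChallengeDns01 at this file, make it executable for the httpd user, and keep only the zone table in sync when domains are added.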

icing commented 1 year ago

It is possible, of course. But I currently do not have the spare time to start on it.

bilhackmac commented 1 year ago

Ok.

I'll make an MR. I'm not a C specialist, so I don't guarantee that I will make it, but I'll try.