Open ProBackup-nl opened 6 years ago
Moving this to Defer, because I think several current implementations have in fact been able to automate the DNS challenge (e.g., lego supports a bunch of DNS providers out of the box). If this is a problem, it can be handled in a follow-on spec.
good
One of the problems of dns-01 is that it's not able to automate like http-01: there the webserver is able to respond with
$token || '.' || $key-thumbprint
It would be nice if that mechanism came to DNS, so that DNS server developers are able to supply an automated.
Instead of statically querying
_acme-challenge.domain.tld
to prove host/domain ownership, query the DNS including the token, like:
<$token>._acme-challenge.host.domain.tld
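
An added example, not part of the original issue or of any ACME implementation: it computes the http-01 key authorization and the dns-01 TXT value as RFC 8555 defines them, then sketches a stateless responder for the token-in-name query proposed above. The function `answer_proposed_query`, the sample key and token, and the assumption that the TXT value stays the same as in dns-01 are all hypothetical.

```python
import base64
import hashlib
import json
import re

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses for tokens and digests."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def key_authorization(token: str, thumbprint: str) -> str:
    """The http-01 response body: token || '.' || key thumbprint."""
    return f"{token}.{thumbprint}"

def dns01_txt_value(token: str, thumbprint: str) -> str:
    """The dns-01 TXT value (RFC 8555 section 8.4): digest of the key authorization."""
    return b64url(hashlib.sha256(key_authorization(token, thumbprint).encode()).digest())

def answer_proposed_query(qname: str, served_hosts: set, thumbprint: str):
    """Hypothetical responder for <token>._acme-challenge.<host>: returns the TXT
    value, or None when the name is not a well-formed challenge for a served host."""
    labels = qname.rstrip(".").split(".")
    if len(labels) < 3 or labels[1].lower() != "_acme-challenge":
        return None
    token, host = labels[0], ".".join(labels[2:]).lower()
    # Tokens are case-sensitive base64url; 22 chars carry 128 bits, 63 is the label limit.
    if not re.fullmatch(r"[A-Za-z0-9_-]{22,63}", token) or host not in served_hosts:
        return None
    return dns01_txt_value(token, thumbprint)

# Constructed sample data: placeholder coordinates, not a real account key.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "Y29uc3RydWN0ZWQteA", "y": "Y29uc3RydWN0ZWQteQ"}
SAMPLE_TOKEN = "c2FtcGxlLXRva2VuLTAxMjM0NTY3ODk"  # constructed token

if __name__ == "__main__":
    tp = jwk_thumbprint(SAMPLE_JWK)
    print(answer_proposed_query(f"{SAMPLE_TOKEN}._acme-challenge.host.domain.tld",
                                {"host.domain.tld"}, tp))
```

The responder needs only the account key thumbprint, which is what makes the http-01 case easy to automate. Because the token is case-sensitive while DNS names are not, a resolver that randomizes query-name case (0x20 encoding) would alter the token before such a responder sees it.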