nginx / njs-acme

Nginx NJS module runtime to work with ACME providers like Let's Encrypt for automated no-reload TLS certificate issue/renewal.
Apache License 2.0
65 stars 12 forks source link

Support the DNS-01 Challenge Type #49

Open zsteinkamp opened 7 months ago

zsteinkamp commented 7 months ago

Is your feature request related to a problem? Please describe

njs-acme currently only supports the HTTP-01 challenge type, which requires that the host be accessible from the Internet on port 80. If you are operating a cluster of NGINX hosts, then you will need to use a shared storage layer for challenge tokens. While this will work just fine for some customers, for others it will not.

The DNS-01 challenge type is the only type that is out-of-band from the web server. It requires that a person or script add a TXT record to a domain for which a certificate is being requested for.

Describe the solution you'd like

Either manual or automated DNS record setup.

Describe alternatives you've considered

NetForce1 commented 7 months ago

DNS-01 is also needed for wildcard certificates. Let's Encrypt support them, but only using DNS-01.

vinhjaxt commented 3 months ago

+1 need this feature