Closed wowcut closed 5 years ago
Hey wowcut,
I'll look into it tomorrow evening. Shouldn't be hard to implement without needing an additional configuration line option. Unfortunately INWX doesn't offer restricted API accounts...
I have now implemented this by commit b3721f8a5de85c38d700ef23de8e48f92f85dadf. I tested it using 4 CNAME redirects between 3 different domains on 2 INWX accounts - and it worked like a charm. You are also welcome to test it. ;-) Also updated the README with further information.
I guess I can consider this as fixed. :-)
The ACME validation system follows CNAME records - this makes it possible to find a solution for problematic situations, e.g. when servers are not reachable from the public internet. You can define a CNAME for the `_acme-challenge` subdomain that points to a different domain and set the TXT record of that target domain instead of the original domain. This is also very helpful when you do not want to or cannot access the nameserver of the original domain via an API.
Of course the ACME client has to understand that concept - so there needs to be a way to define that existing CNAME or the client has to be smart enough to follow that CNAME. Probably the easy quick fix would be to add some configuration option / parameter that allows defining the actual CNAME target domain to be updated instead of always using the domain defined by the `-d` parameter.
The acme.sh client has this feature implemented as DNS alias mode - that wiki entry explains the concept very well.
It would be very useful if you would like to support that feature so users of this software can do everything that is possible with LE and certbot without limitations.
Thank you very much for your attention!
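
The CNAME following requested in this issue, as an added example that is not code from the plugin or from acme.sh: it walks the chain from `_acme-challenge.<domain>` to the name that must receive the TXT record, so API credentials are only needed for the zone holding that final name. `RECORDS`, `lookup_cname`, `challenge_target` and `MAX_HOPS` are hypothetical names, and the record table is constructed sample data standing in for live DNS queries.

```python
# Added example: find where the DNS-01 TXT record must be written when
# _acme-challenge.<domain> is delegated through CNAME records.
# RECORDS is constructed sample data standing in for live DNS lookups.

MAX_HOPS = 8  # assumed limit on chain length, chosen for this example

RECORDS = {
    "_acme-challenge.www.example.com": "_acme-challenge.example.com",
    "_acme-challenge.example.com": "www-example-com.acme.example.net",
    "www-example-com.acme.example.net": "challenges.example.org",
    "_acme-challenge.loop.example.com": "a.example.net",
    "a.example.net": "_acme-challenge.loop.example.com",
}


def normalize(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def lookup_cname(name, records=RECORDS):
    """Return the CNAME target of name, or None (hypothetical lookup helper)."""
    target = records.get(normalize(name))
    return normalize(target) if target else None


def challenge_target(domain, lookup=lookup_cname):
    """Follow CNAMEs from _acme-challenge.<domain> to the name that gets the TXT."""
    base = normalize(domain)
    if base.startswith("*."):
        base = base[2:]  # a wildcard is validated at the parent name's label
    name = "_acme-challenge." + base
    seen = [name]
    while (target := lookup(name)) is not None:
        if target in seen:
            raise ValueError("CNAME loop: " + " -> ".join(seen + [target]))
        if len(seen) > MAX_HOPS:
            raise ValueError("CNAME chain longer than %d hops" % MAX_HOPS)
        seen.append(target)
        name = target
    return name, seen
```

In a real client the `lookup` argument would be a function that queries DNS for a CNAME record; the returned chain is worth logging so an unexpected delegation is visible before any TXT record is written.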