plinss / acmebot

Certificate manager bot using ACME protocol
GNU General Public License v3.0

Support for CNAME in DNS-01 challenges #42

Open sam0737 opened 4 years ago

sam0737 commented 4 years ago

dns-01 allows the use of CNAME to delegate the challenges to be checked in another record, and in another zone. This is very useful to set up an independent zone with an independent update key which is only useful for the acme-challenge record, instead of granting acmebot permission to manipulate all records in the target zone.

Currently, acmebot does not honor this CNAME record, nor is there any way to force acmebot to nsupdate another record, and check the correct record/zone in "wait for DNS propagation".
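
The behaviour requested above, sketched as an added example that is not part of the original issue and is not acmebot's code: follow the CNAME chain from `_acme-challenge.<domain>` to the record that must actually be updated and checked, and refuse targets outside the zones a restricted update key covers. The record data, zone names and function names are constructed for illustration; a real implementation would query DNS instead of a dictionary.

```python
import base64
import hashlib

# Constructed sample data: a tiny in-memory view of DNS, not real records.
CONSTRUCTED_RECORDS = {
    "_acme-challenge.www.example.com.": ("CNAME", "www.acme.example.net."),
    "www.acme.example.net.": ("CNAME", "tok1.validation.example.org."),
    "_acme-challenge.loop.example.com.": ("CNAME", "a.example.net."),
    "a.example.net.": ("CNAME", "_acme-challenge.loop.example.com."),
}
# Assumption: zones the restricted update key is allowed to write to.
DELEGATED_ZONES = ["validation.example.org."]
MAX_CNAME_DEPTH = 8


def challenge_txt_value(key_authorization: str) -> str:
    """RFC 8555 section 8.4: unpadded base64url of SHA-256(key authorization)."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def resolve_challenge_name(domain, records=CONSTRUCTED_RECORDS):
    """Follow CNAMEs from _acme-challenge.<domain> to the name holding the TXT."""
    name = "_acme-challenge." + domain.rstrip(".").lower() + "."
    seen = {name}
    for _ in range(MAX_CNAME_DEPTH):
        rtype, target = records.get(name, (None, None))
        if rtype != "CNAME":
            return name  # end of chain: this is the record to update and poll
        name = target.lower()
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
    raise ValueError("CNAME chain too long")


def update_target(domain, zones=DELEGATED_ZONES, records=CONSTRUCTED_RECORDS):
    """Return (zone, record name), refusing names outside the delegated zones."""
    name = resolve_challenge_name(domain, records)
    for zone in sorted(zones, key=len, reverse=True):  # most specific zone first
        if name == zone or name.endswith("." + zone):
            return zone, name
    raise PermissionError(name + " is outside the delegated zones")
```

The same resolved name is the one to query when waiting for DNS propagation, since that is where the TXT record is published.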

polarathene commented 4 years ago

Here's a project that provides a simple DNS service designed for handling ACME DNS challenges, which is reached via a CNAME record from your server's main DNS service.

It'd be nice if acmebot could utilize that.