> I would propose for either http or dns verification requiring at least a
> temporary wildcard in dns
> then for the verification server to either lookup
>
> http://random-generated.domain.tld/.well-known/acme-challenge/challenge-string

That's not possible, because several providers allow the registration of any subdomain, e.g. DynDNS providers.

> dns verification is trickier but could require instead of
> _acme-challenge.example.com. 300 IN TXT "token"
>
> _acme-challenge.challenge-string.example.com. 300 IN TXT "token"
>

For DNS challenges, I think it's fine when _acme-challenge.example.com authorizes *.example.com.

> for example or
> _acme-challenge._wildcard_.example.com. 300 IN TXT "token"
>
> or to demonstrate ability to create wildcards
> random-generated._acme-challenge.example.com. 300 IN TXT "token"
>
> as this would require the applicant setup
> *._acme-challenge.example.com.
>
>
> I hope this is the right place if not please feel free to redirect me, as
> either way acme is a huge leap forward in cert issuance and improving
> reliability through automation
>

Regards,
Niklas
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
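Added example, not part of either message in this thread: a Python sketch of the dns-01 rules as later published in RFC 8555, where the validation name for a wildcard identifier is the same `_acme-challenge` record as for the base name. The token and account-key thumbprint are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
from collections import defaultdict


def b64url(data: bytes) -> str:
    """Unpadded base64url, as ACME uses for digests and thumbprints."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def dns01_record_name(identifier: str) -> str:
    """Return the TXT record name a CA queries for this identifier.

    A leading "*." is stripped first, so the wildcard and the base
    name are validated at the same record.
    """
    name = identifier.rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]
    if not name or "*" in name:
        raise ValueError(f"unsupported identifier: {identifier!r}")
    return "_acme-challenge." + name


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """TXT value: base64url(SHA-256(token || "." || account key thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def group_by_record(identifiers):
    """Group requested names by the DNS record that authorizes them."""
    groups = defaultdict(list)
    for ident in identifiers:
        groups[dns01_record_name(ident)].append(ident)
    return dict(groups)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real order.
    token = "constructed-sample-token"
    thumbprint = b64url(hashlib.sha256(b"constructed account key").digest())
    requested = ["example.com", "*.example.com", "www.example.com"]
    for record, names in group_by_record(requested).items():
        print(f'{record}. 300 IN TXT "{dns01_txt_value(token, thumbprint)}"')
        print(f"    authorizes: {', '.join(names)}")
```

Whoever can write that one TXT record can obtain both the base and the wildcard certificate, so write access to the `_acme-challenge` name is what needs to be restricted in the DNS zone.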
