Hi,

On Friday, September 11, 2020 3:13 PM, Philipp Junghannß <teamhydro55...@gmail.com> wrote:

> I have asked that question in the LE forum iirc the problem is that
> someone could place that record once and as long as someone doesn't
> look at it all the time one can easily miss the fact that someone can
> create wildcards and stuff for that domain, so the point is to prove
> that dns access is given at the time of issuance.

If someone has once write access to the DNS, they can set an acme-challenge record, redirect all requests, and issue wildcard certs. That would be easy to miss, too.

> you could maybe use a different DNS Server which has a better API,
> and potentially even can be used by ACME.

The issue at hand isn't that a particular DNS registry operator isn't supported by a particular ACME client. What I want to fix is the need for all ACME clients to support all DNS registry operators.

Thanks,
Simon

_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme