On Thu, 23 Jul 2020, Michael De Roover wrote:
> For example I don't trust Manjaro's maintainers, since they screwed up
> their TLS certificate renewal no less than 3 times. That's complete and
> utter incompetence on their part.
>
> How they didn't already put certbot in a cron job after the first time
> is beyond me.

To get this topic back on topic for this list:
When you are creating Let's Encrypt wildcard certificates you must use a
DNS authentication protocol with letsencrypt. I am using the acme.sh
client which was recommended for wildcard certificates.
https://github.com/acmesh-official/acme.sh

If you are running your own nameserver you also need to enable dynamic
updates so that the acme.sh client can create TXT records during
certificate acquisition and renewal.

However I have found that getting zone dynamic updates (authentication,
specifically) working with nsupdate (which acme.sh uses) and BIND has
been a PITA. I haven't been overly impressed with the debug capabilities
to help get nsupdate working properly.
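
The setup described in this message, as an added example that is not part of the original post or of the acme.sh or BIND projects: a TSIG key that BIND allows to change only the _acme-challenge TXT record, a manual nsupdate run to test it, and the same key handed to acme.sh. The zone name, key name, key file path, server address and zone file name are assumptions.

```shell
#!/bin/sh
# Added example. ZONE, KEY, KEYFILE and SERVER are placeholders (assumptions).
ZONE="example.com"
KEY="acme-key"
KEYFILE="/etc/bind/acme-key.key"
SERVER="127.0.0.1"

# named.conf fragment: update-policy limits the key to the TXT record at
# _acme-challenge.<zone>. A plain "allow-update { key ...; };" would let the
# same key rewrite every record in the zone.
named_conf_fragment() {   # $1 = zone, $2 = key name, $3 = key file
    cat <<EOF
include "$3";
zone "$1" {
    type master;
    file "db.$1";
    update-policy {
        grant $2 name _acme-challenge.$1. TXT;
    };
};
EOF
}

# nsupdate batch doing what the ACME client does: add the TXT, then remove it.
nsupdate_batch() {        # $1 = zone, $2 = server
    cat <<EOF
server $2
update add _acme-challenge.$1. 60 IN TXT "constructed-test-token"
send
update delete _acme-challenge.$1. TXT
send
EOF
}

# Manual procedure; defined only, never called automatically.
run_manual_check() {
    tsig-keygen -a hmac-sha256 "$KEY" > "$KEYFILE"   # writes a key { } clause
    chmod 600 "$KEYFILE"          # named must still be able to read this file
    named_conf_fragment "$ZONE" "$KEY" "$KEYFILE"    # merge into named.conf
    rndc reconfig
    # -d prints the signed request and the reply. Reading the result:
    #   NOTAUTH(BADKEY)  key name unknown to the server
    #   NOTAUTH(BADSIG)  key name known, secret differs
    #   NOTAUTH(BADTIME) clock skew between client and server
    #   REFUSED          key accepted, update-policy denies this name or type
    nsupdate_batch "$ZONE" "$SERVER" | nsupdate -d -k "$KEYFILE"
    # Same key for acme.sh; apex and wildcard share one challenge name.
    NSUPDATE_SERVER="$SERVER" NSUPDATE_KEY="$KEYFILE" \
        acme.sh --issue --dns dns_nsupdate -d "$ZONE" -d "*.$ZONE"
}
```

named also needs write access to the zone's directory for the journal file once the zone accepts dynamic updates.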