On Mon, Apr 13, 2026 at 10:45:09PM +0300, Mia Kanashi wrote: > Subject: Re: [PATCH] MEDIUM: acme: implement dns-persist-01 challenge > On 13/04/2026 19:54, William Lallemand wrote: > > On Mon, Mar 23, 2026 at 06:48:45PM +0000, Mia Kanashi wrote: > >> Subject: Re: [PATCH] MEDIUM: acme: implement dns-persist-01 challenge > >> On February 26, 2026 8:16:43 PM UTC, William Lallemand > <[email protected]> wrote: > >>> On Thu, Feb 26, 2026 at 12:19:41AM +0200, Mia Kanashi wrote: > >>>> Subject: Re: [PATCH] MEDIUM: acme: implement dns-persist-01 challenge > >>>> Oh wait, damn, sorry, it seems I made a mistake during rebasing > >>>> > >>>> There should be a line > >>>> mjson_get_bool(hc->res.buf.area, hc->res.buf.data, "$.wildcard", > &wildcard); > >>>> > >>>> Before the following line > >>>> auth->dns = istdup(ist2(t2->area, t2->data)); > >>>> > >>>> Similar to how it is in my feature branch > >>>> > >>> > >>> Thank you, I'll make some test next week! > >>> > >> > >> This challenge was just merged into boulder. > >> They will probably begin staging rollout soon enough I assume. > >> I will dogfood it by using on my personal sites when that happens. > >> > >> Also some of my previous concerns with regards to printing extra logs > >> probably wont be valid in the future, they plan to change the spec > slightly > >> to allow specifying domain where the record is located during the order. > >> Probably extra load option will need to be introduced later. Plus they > want > >> to add randomized account URI per order. I will try to keep up with those > >> changes in next iterations of the draft spec, keeping the pace with > pebble. > > > > Hi Mia, > > > > I just merged your patch and added the support of dns-persist-01 in > > "challenge-ready dns" so HAProxy will validate that the challenge is right > > before asking for the renewal of the challenge. > > > > I made a few tests with pebble and that seems to behave correctly, so this > will > > land in HAProxy 3.4. > > > > Regards, > > > > Thank you! Patches you made for DNS look good. Thanks for adding a DNS > check. > I want to let you know that it is supported by Boulder now too, it is > possible > to test it against the official LE staging directory. > > Regards!
Indeed I tested that as well and it works perfectly. Regards, -- William Lallemand
