On 15:20 Thu 01 Mar, Solène Rapenne wrote:
> It is not easy to implement because this requires access to your
> DNS server (like nsd or bind) or your registrar admin API which would
> require adding plugins for each API.

Well... that's why it's called DNS challenge, right?

> It is more complicated than creating a file in a folder.

With a little luck it's not. Both NSD and BIND allow you to include
files in zone configuration like this:

        /path/to/your/zones/zone.foo.bar
        /path/to/your/zones/zone.foo.bar.acme.inc

So the whole process possibly boils down to
this:

        1. Receive a challenge
        2. Write TXT record to a file
        3. Politely ask your DNS daemon to reload the zone
        4. Reply to the ACME server
        5. Grab your certificates

The only problem here is #3, but it's possible to create e.g. another
pledged process that can only execute /etc/acme-client/dns-challenge.sh
and you can put all your complicated stuff there.

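A worked version of steps 2 and 3, as an added example that is not part of the thread or of acme-client: a small POSIX `dns-challenge.sh` that writes the `_acme-challenge` TXT record into the `.acme.inc` file the zone pulls in with `$INCLUDE`, then reloads that one zone. The `/path/to/your/zones` layout is taken from the message; the TTL of 60, the `nsd-control reload` default (use `rndc reload` for BIND) and the environment variable names are assumptions. The script validates the domain and the token before touching any file, because the token ends up inside a quoted TXT record and the domain inside a file path, and it renames a temp file into place so the daemon never reads a half-written include.

```shell
#!/bin/sh
# Added example (not from the mailing-list post or acme-client): a minimal
# dns-challenge.sh for steps 2 and 3 of the procedure above.
# Assumptions: the zone file includes zone.<domain>.acme.inc via $INCLUDE,
# the TTL of 60, and the reload command below.

ZONE_DIR="${ZONE_DIR:-/path/to/your/zones}"               # layout from the post
ZONE_RELOAD_CMD="${ZONE_RELOAD_CMD:-nsd-control reload}"   # BIND: "rndc reload"

# write_acme_include DOMAIN TOKEN OUTFILE
# Both inputs are checked before anything touches the filesystem: the domain
# may only contain hostname characters (so no '/' reaches the file path) and
# the DNS-01 value is base64url (letters, digits, '-' and '_'), so a stray
# quote, space or newline can never close the TXT record or smuggle a second
# record into the zone.
write_acme_include() {
    domain=$1 token=$2 out=$3
    case "$domain" in
        ''|*[!A-Za-z0-9.-]*) echo "invalid domain: $domain" >&2; return 1 ;;
    esac
    case "$token" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid challenge token" >&2; return 1 ;;
    esac
    # Write a temp file and rename it, so the daemon only ever sees a
    # complete include file.
    tmp="$out.tmp.$$"
    printf '_acme-challenge.%s. 60 IN TXT "%s"\n' "$domain" "$token" > "$tmp" || return 1
    chmod 0644 "$tmp" && mv "$tmp" "$out"
}

# reload_zone ZONE: step 3, ask the daemon to reload only this zone.
reload_zone() {
    $ZONE_RELOAD_CMD "$1"
}

main() {
    domain=$1 token=$2
    inc="$ZONE_DIR/zone.$domain.acme.inc"
    write_acme_include "$domain" "$token" "$inc" && reload_zone "$domain"
}

# Usage: dns-challenge.sh DOMAIN TOKEN   (no arguments: only define functions)
[ $# -eq 0 ] || main "$@"
```

Run as `sh dns-challenge.sh example.org <token>`; the matching zone file needs a line such as `$INCLUDE /path/to/your/zones/zone.example.org.acme.inc`. If the script is the only thing a separately pledged process may execute, the include directory and the reload socket are the only privileges it needs.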