I run multiple web servers on several distinct machines in each of four different domains, which makes the Letsencrypt proposition very attractive. After trying Certbot without much success, I lit upon acme.sh, which offers the possibility of authentication using nsupdate(1). However, the process fails, and the relevant error message says:

    Error add txt for domain:_acme-challenge.prd.co.uk

I note that the man page for nsupdate(1) says:

    To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server. nsupdate does not read /etc/named.conf.

I am trying to work out whether that means that the keyfile contents must be manually added to the zone file, because in named.conf I have an include line for update.key which contains the path to that key, so it should be there already.

I note that on the acme.sh site there is a long list of *nix-style OSs on which success has been reported, but not NetBSD.

--
Steve Blinkhorn <st...@prd.co.uk>