Re: [Acme] dns-01 challenge limitations

2020-09-11 Thread Michael Richardson
Ilari Liusvaara wrote:
>> For now, this is for many ACME clients a manual step. If you run your
>> authoritative DNS service locally in your network, perhaps you could
>> look into any options for automatically updating the zone content.
> I think the current best way is to have

Re: [Acme] dns-01 challenge limitations

2020-09-11 Thread Michael Richardson
Simon Ser wrote:
> dns-01 requires the ACME client to complete the challenge by updating a DNS
> record. This is bothersome because this often requires interacting with the
> DNS registry operator. This is typically done via vendor-specific APIs, with
> access control handled

Re: [Acme] dns-01 challenge limitations

2020-09-11 Thread Ilari Liusvaara
On Fri, Sep 11, 2020 at 03:41:08PM +0200, Patrik Wallström wrote:
>
>
> The missing piece of this puzzle is a standardized API for registrars
> (or DNS operators), where changes can be made for a zone at a registrar.
> Much like registry changes coming from registrars to a registry using
> EPP.

Re: [Acme] dns-01 challenge limitations

2020-09-11 Thread Ryan Sleevi
On Fri, Sep 11, 2020 at 9:28 AM Philipp Junghannß wrote:
> problem is obviously also the CA/Browser Forum has certain requirements,
> and I guess having access to some kind of direct verification at the time
> of issue might be probably one of these.
>
This is the correct answer. While the IETF

Re: [Acme] dns-01 challenge limitations

2020-09-11 Thread Patrik Wallström
Simon Ser wrote on 2020-09-11 at 15:25:
> Hi,
>
> On Friday, September 11, 2020 3:17 PM, Felipe Gasper
> wrote:
>
>>> On Sep 11, 2020, at 9:08 AM, Simon Ser cont...@emersion.fr wrote:
>>> For instance, it would be possible to require users to add a short public
>>> key
>>> in a DNS TXT

Re: [Acme] dns-01 challenge limitations

2020-09-11 Thread Philipp Junghannß
Well, Certificate Transparency is something one should maybe keep notifications for. Also I can understand the problem, but I have not decided the outcome, I merely stated what I got as an answer back then. Problem is obviously also the CA/Browser Forum has certain requirements, and I guess

Re: [Acme] dns-01 challenge limitations

2020-09-11 Thread Simon Ser
Hi,

On Friday, September 11, 2020 3:17 PM, Felipe Gasper wrote:
> > On Sep 11, 2020, at 9:08 AM, Simon Ser cont...@emersion.fr wrote:
> > For instance, it would be possible to require users to add a short public
> > key
> > in a DNS TXT record, then ask the ACME client to sign challenges with

Re: [Acme] dns-01 challenge limitations

2020-09-11 Thread Simon Ser
Hi,

On Friday, September 11, 2020 3:13 PM, Philipp Junghannß wrote:
> I have asked that question in the LE forum iirc the problem is that
> someone could place that record once and as long as someone doesn't
> look at it all the time one can easily miss the fact that someone can
> create

Re: [Acme] dns-01 challenge limitations

2020-09-11 Thread Felipe Gasper
> On Sep 11, 2020, at 9:08 AM, Simon Ser wrote:
>
> For instance, it would be possible to require users to add a short public key
> in a DNS TXT record, then ask the ACME client to sign challenges with that
> key.
> Something like this would significantly ease the development of ACME clients.

Re: [Acme] dns-01 challenge limitations

2020-09-11 Thread Philipp Junghannß
I have asked that question in the LE forum. IIRC the problem is that someone could place that record once, and as long as someone doesn't look at it all the time, one can easily miss the fact that someone can create wildcards and stuff for that domain, so the point is to prove that DNS access is given

[Acme] dns-01 challenge limitations

2020-09-11 Thread Simon Ser
Hi all,

I've been working on an ACME client acting as a TLS termination proxy. In order to retrieve wildcard certificates from the Let's Encrypt ACME servers, support for the dns-01 challenge is required. dns-01 requires the ACME client to complete the challenge by updating a DNS record. This is
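As an added illustration, not code from the thread or from any participant's client: what the ACME client actually has to publish for dns-01 under RFC 8555 (the `_acme-challenge` TXT value derived from the challenge token and the account key's RFC 7638 thumbprint), and one way to push it into an authoritative server you run yourself with an RFC 2136 dynamic update, the route Ilari's reply points at. The account key is the RSA example key from RFC 7638, the token is a constructed sample, and the server address, zone and TSIG key file name are placeholders.

```python
"""dns-01 challenge record construction (RFC 8555 section 8.4) plus an
RFC 2136 update script for BIND's nsupdate(1). Added example; the account
key and token below are sample data, not anything from the thread."""
from __future__ import annotations

import base64
import hashlib
import json
import re

# RFC 7638 section 3.2: only these members feed the thumbprint, per key type.
_THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
# RFC 8555 section 8.3: tokens are base64url with no padding.
_TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def b64url(data: bytes) -> str:
    """base64url without padding, as used throughout ACME/JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the canonical JSON of the required members only,
    keys in lexicographic order, no whitespace; "alg"/"kid" etc. are ignored."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]  # KeyError for unsupported key types
    canon = json.dumps({k: jwk[k] for k in members}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canon.encode("utf-8")).digest())


def is_valid_token(token: str) -> bool:
    """Reject anything outside the base64url alphabet before the token reaches a DNS
    record or a generated nsupdate script; the token is attacker-influenced CA input."""
    return bool(_TOKEN_RE.match(token))


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: token || '.' || base64url(thumbprint of the account key)."""
    if not is_valid_token(token):
        raise ValueError("challenge token is not base64url")
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_record(identifier: str, token: str, account_jwk: dict) -> tuple[str, str]:
    """Return (owner name, TXT value) for a dns-01 challenge.
    A wildcard identifier is validated at its base name (RFC 8555 section 7.1.3),
    so '*.example.org' and 'example.org' both map to _acme-challenge.example.org."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return f"_acme-challenge.{base}", b64url(digest)


def nsupdate_script(server: str, zone: str, name: str, value: str, ttl: int = 60) -> str:
    """RFC 2136 dynamic update in nsupdate(1) input syntax. The delete clears stale
    values from earlier validations. Feed it to `nsupdate -k <tsig-key-file>` and
    restrict that key server-side (e.g. BIND update-policy) to _acme-challenge names."""
    return "\n".join([
        f"server {server}",
        f"zone {zone}",
        f"update delete {name}. TXT",
        f'update add {name}. {ttl} TXT "{value}"',
        "send",
        "",
    ])


# Sample account key: the RSA public key from RFC 7638 section 3.1, whose
# thumbprint is the RFC's published value. A real client uses its own key.
SAMPLE_JWK = {
    "kty": "RSA",
    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
    "e": "AQAB",
    "alg": "RS256",  # present in the JWK but excluded from the thumbprint
    "kid": "2011-04-29",
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"  # constructed sample token

if __name__ == "__main__":
    name, value = dns01_record("*.example.org", SAMPLE_TOKEN, SAMPLE_JWK)
    # Placeholder server/zone; pipe the output into: nsupdate -k Kacme-update.private
    print(nsupdate_script("127.0.0.1", "example.org", name, value))
```

Two points this makes concrete for the discussion above: the TXT value commits to the account key, so a stale record left in the zone does not by itself let a different account validate, and the record name for a wildcard is the base name, so a client that can write `_acme-challenge.example.org` only needs that one name delegated or permitted, which is what a narrowly scoped TSIG update-policy (or a CNAME to a zone the client controls) buys you.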