guix-devel

Re: certbot-service wildcard support


From: Clément Lassieur
Subject: Re: certbot-service wildcard support
Date: Sat, 04 Aug 2018 11:56:39 +0200
User-agent: mu4e 1.0; emacs 26.1

Nils Gillmann <address@hidden> writes:

> Clément Lassieur transcribed 847 bytes:
>> Nils Gillmann <address@hidden> writes:
>> 
>> > Hi,
>> >
>> > recently letsencrypt added support for wildcard certificates.
>> >
>> > Since we concluded that it would be a good idea for Taler to
>> > just use that instead of roughly 30 - 40 subdomain certificates:
>> >
>> > Does our certbot-service support the wildcard functionality?
>> 
>> It doesn't, because it doesn't support DNS challenges.
>> 
>> I tried to add support for DNS challenges, but I stopped because my DNS
>> provider (Namecheap) doesn't have an API to update DNS records.  (Well,
>> it does, but the API has access to everything and I can't afford the
>> security risk.)
>> 
>> The problem with DNS challenges is that there is no universal way to
>> update the records.  It depends very much on the provider (unless you
>> host your DNS zone).
>
> How is that related? Or am I using certbot on Debian wrong? I simply added
> an entry manually. I don't even want a service to mess around with DNS, at
> least not unless it is required.
> Which in my experience it is not. You can add the entry manually, which is
> what we'd have done for taler.

Oh.  I thought it had to be updated every three months, which is why I
wanted to automate it.  But if it has to be updated only once, then it's
not a problem.

>> I packaged PYTHON-DNS-LEXICON though, it might help if you want to work
>> on this.
>
> If you can tell me more about this, and why you think that software is
> required for this, then it would be in my responsibility to work on this.

It's just a tool that automates DNS records updating, but you won't need
it if the DNS record used by Certbot only needs to be updated once.


