by regecks
2628 days ago
You can also CNAME your _acme-challenge record to another zone and perform the updates on the target zone, avoiding overprivileging your webserver. https://github.com/joohoi/acme-dns is a server implementation of that, and a number of popular clients support it. Or if you don't want to run acme-dns, some ACME clients support an "alias" mode that essentially does the same thing using generic DNS CNAMEing. Annoyed that Route53 IAM still doesn't let you limit the record label ...
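An added example, not part of the comment above and not code from acme-dns or any ACME client: a pre-deployment check that each `_acme-challenge` name really is delegated by CNAME into a separate validation zone, so the credential held by the webserver only needs write access there. The zone names, record set and function names are constructed for illustration; in practice the records would come from a zone export or live lookups.

```python
# Constructed sample records: (owner name, type) -> value. All names are hypothetical.
RECORDS = {
    # Delegated: challenge name points into the dedicated validation zone.
    ("_acme-challenge.www.example.com.", "CNAME"): "www.acme-validation.example.net.",
    ("www.acme-validation.example.net.", "TXT"): "constructed-token-value",
    # Misconfigured: CNAME points at itself.
    ("_acme-challenge.api.example.com.", "CNAME"): "_acme-challenge.api.example.com.",
    # Not delegated: TXT is published directly in the main zone.
    ("_acme-challenge.shop.example.com.", "TXT"): "constructed-token-value",
}

def normalize(name):
    """Lower-case a DNS name and give it exactly one trailing dot."""
    return name.lower().rstrip(".") + "."

def in_zone(name, zone):
    """True if name is the zone apex or a label-aligned descendant of it."""
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)

def resolve_challenge(domain, records, max_hops=8):
    """Follow CNAMEs from _acme-challenge.<domain> to the name that holds the TXT."""
    if domain.startswith("*."):
        domain = domain[2:]  # wildcard names validate at the base domain
    name = normalize("_acme-challenge." + domain)
    seen = set()
    while (name, "CNAME") in records:
        if name in seen or len(seen) >= max_hops:
            raise ValueError("CNAME loop or chain too long at " + name)
        seen.add(name)
        name = normalize(records[(name, "CNAME")])
    return name

def check_delegation(domain, validation_zone, records):
    """Return (ok, detail); ok only when the TXT owner lives in validation_zone."""
    try:
        target = resolve_challenge(domain, records)
    except ValueError as exc:
        return False, str(exc)
    if not in_zone(target, validation_zone):
        return False, f"{target} is outside {validation_zone}; client needs main-zone write access"
    return True, f"{target} is inside {validation_zone}; credential can be scoped to that zone"

if __name__ == "__main__":
    for d in ("www.example.com", "api.example.com", "shop.example.com"):
        print(d, check_delegation(d, "acme-validation.example.net", RECORDS))
```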