by kuschku
2381 days ago
> Having the DNS credentials laying around on the server is not a good idea. So creating wildcard certs via letsencrypt is a huge pain in the ass.

That's absolutely unnecessary.

Set a NS record for _acme-challenge.domain.tld to your own nameservers, e.g. ns1.myowndomain.tld

And have your own name servers only serve the _acme-challenge.domain.tld zone.

Now you can just use the RFC DNS updater with your ACME client without any need for credentials for the actual domain.tld zone.

I use this currently with my own kuschku.de domain, you can check it out.

    dig +trace @8.8.8.8 _acme-challenge.kuschku.de ANY
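
The delegation described in the comment above, as an added example that is not part of the original post: a small Python model showing which names an update key limited to the delegated zone can affect. The function names and every record except the `_acme-challenge` NS record are assumptions constructed for illustration; the wildcard-to-challenge-name mapping follows the ACME DNS-01 rule in RFC 8555.

```python
# Added illustration: a small model of the delegation, not a DNS server.
# Records other than the _acme-challenge NS record are constructed sample data.
PARENT_ZONE = [  # (owner, type, value) in the domain.tld zone
    ("domain.tld.", "NS", "ns1.registrar-dns.example."),
    ("domain.tld.", "A", "192.0.2.10"),
    ("www.domain.tld.", "A", "192.0.2.10"),
    ("_acme-challenge.domain.tld.", "NS", "ns1.myowndomain.tld."),
]

def labels(name):
    """Lowercase labels of a DNS name, trailing dot ignored."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_zone(name, zone):
    """True if name is at or below zone, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def challenge_name(identifier):
    """DNS-01 validation name for an identifier; '*.' is dropped (RFC 8555)."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".") + "."

def zone_cut(records, apex, name):
    """Deepest delegation (NS below the apex) covering name, else None."""
    cuts = [owner for owner, rtype, _ in records
            if rtype == "NS" and labels(owner) != labels(apex)
            and in_zone(name, owner)]
    return max(cuts, key=lambda owner: len(labels(owner)), default=None)

def update_reaches(records, apex, key_zone, target):
    """Can a key limited to key_zone change what resolvers see for target?

    Only if target lies inside key_zone and the parent delegates exactly
    that zone to the server holding the key.
    """
    cut = zone_cut(records, apex, target)
    return (in_zone(target, key_zone) and cut is not None
            and labels(cut) == labels(key_zone))

if __name__ == "__main__":
    zone = challenge_name("*.domain.tld")
    for target in (zone, "www.domain.tld.", "domain.tld.",
                   "evil_acme-challenge.domain.tld."):
        print(target, update_reaches(PARENT_ZONE, "domain.tld.", zone, target))
```

The last target shows why the comparison is done on labels: a plain string suffix match would treat `evil_acme-challenge.domain.tld.` as inside the delegated zone.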