| I haven't looked at DNS in depth in a very very long time. My recollection is that it is a pretty simple protocol. Is that still the case? If it is, I wonder if it would be reasonable to build a small stand-alone DNS server specifically to use with Let's Encrypt for this. You run this on your own server, and it only handles the domains that you need to satisfy Let's Encrypt. Point the _acme-challenge record there with a CNAME on your "real" DNS server, and whenever you are getting or renewing a Let's Encrypt certificate, bring up the small stand-alone server. When the certificate issues or is renewed, shut down the small stand-alone server. Some Googling of the form "simple DNS server $LANG" for various programming languages $LANG turns up a few that could provide nice starting points. Perl: on meta::cpan there is Net::DNS::Nameserver, meant to provide a local nameserver for testing local client resolvers, but would probably be adaptable. Python: [1] under 50 lines and using no imports other than "socket". It's very minimal, but shows dealing with the protocol. [2] [3] [4] are all using something called "dnslib". [2] is nearly 150 lines, but it is more complicated than we need. It's even using multithreading. Same for [3]. [4] is much similar, and much smaller (comparable to using Net::DNS::Nameserver in Perl). Another library for simple DNS in Python is pydnserver [5]. PHP: I didn't find anything simple. All I found was much more full featured and many more lines of code than we need. Go: [6]. Bash: [7]. I'm not sure what disturbs me more. That someone made this, or that I searched for it. Ruby: [8]. [1] http://code.activestate.com/recipes/491264-mini-fake-dns-ser... [2] https://gist.github.com/andreif/6069838 [3] https://gist.github.com/pklaus/b5a7876d4d2cf7271873 [4] https://stackoverflow.com/questions/33531551/how-to-create-a... [5] https://pypi.org/project/pydnserver/ [6] https://gist.github.com/walm/0d67b4fb2d5daf3edd4fad3e13b162c... [7] https://gist.github.com/CheRuisiBesares/f35f71f028926e65191d... [8] https://github.com/socketry/rubydns |