by
Arnavion
311 days ago
You can do it with an NS record, i.e. _acme_challenge.realdomain.com pointing to the DNS server that you can program to serve the challenge response. No need to make a CNAME and involve an additional domain in the middle.
aflukasz
311 days ago
Yeah, but then you can just as well use http-01 with like same effort.
gruez
311 days ago
No, because DNS supports wildcard certificates, unlike HTTP.
cpach
311 days ago
dns-01 is also good for services on a private network.
aflukasz
311 days ago
Ah, good point.