CNAME Support #159
Comments
|
I will consider implementing it, but it is a low priority. |
|
I would also benefit from this. I rely on sjkp/letsencrypt-siteextension version for external clients. |
|
Now that I have a better understanding of CNAME support, I will start to consider supporting it when I have more time. |
|
I would also like to +1 this feature, here is a good explanation of the potential benefits: https://poshac.me/docs/v4/Guides/Using-DNS-Challenge-Aliases/ |
|
I would also like to see this feature. My organization is unable to move to a currently supported DNS provider and being able to simply redirect from a supported DNS to our own would be an ideal solution. |
|
Hi.. would be great if this could be merged |
|
Yes, please consider merging this feature! |
|
Is this feature fully implemented now? |
|
Hello, I would love to see support for this as well. Thanks. |
|
Bump. Are CNAME aliases supported now? |
|
Hi. Any update on CNAME aliases support? Thanks. |
|
We need this too. I'm going to have to do this with certbot on a VM for now otherwise. |
|
Would be great to see this implemented as well. From a security POV, this is nearly a necessity. Requiring an API key that has the ability to modify records in a production domain requires onerous security approval. Having a delegated domain, just for the validation TXT records decreases the risk considerably. |
|
Experimental CNAME support has been added in v4.2.0. Please refer to the summary of the pull request for details. |
Is your feature request related to a problem? Please describe.
I work with many different clients which use different DNS providers than those supported here. One easy workaround is to use CNAME aliases to redirect to a subdomain and delegate the subdomain to Azure DNS.
More information here: https://www.eff.org/deeplinks/2018/02/technical-deep-dive-securing-automation-acme-dns-challenge-validation
Describe the solution you'd like
Possible solution here could be to add a 'Delegated zone' checkbox which changes 'DNS Zone' field to 'Delegated DNS Zone' and 'DNS Names' field changes to allow the zonename to be edited.
When API request is sent it will send both:
record.delegated.example.tld (delegated record to create)
record.example.tld (certificate to request)
Describe alternatives you've considered
Alternative is creating a own solution or moving zones to supported provider.
The text was updated successfully, but these errors were encountered: