No, the way these tools would get used is on the actual edge/termination 
servers which I generally wouldn't want to give access to DNS for security 
reasons. DNS validation would definitely help with zero-downtime updates 
overall though, but would require some level of central command and control 
system to keep it all organized. That would be awesome for people using primarily 
API-driven termination points though, like AWS ELBs or a Fastly CDN.

--Noah

> On Dec 7, 2015, at 2:00 PM, Eric Mill <[email protected]> wrote:
> 
> Would a DNS-based validation process (part of the ACME spec, but not yet 
> implemented for LE) make your problems go away?
> 
> -- Eric
> 
> On Mon, Dec 7, 2015 at 3:12 PM, Peter Eckersley <[email protected]> wrote:
> One thing I'll say that we've learned from supporting the official
> letsencrypt client is that different types of "simple" work for
> different people.  On Ubuntu 14.04, which is our most popular platform,
> the breakdown of authenticator plugins used when successfully obtaining
> certs is like this:
> 
> 34% use the Apache plugin (also supports cert installation)
> 32% use the "standalone" plugin
> 23% use the "webroot" plugin
> 6%  use "manual" plugin
> 5%  use the third party Plesk plugin (also supports cert installation)
> 
> Similarly in support forums, when people have trouble but can be helped
> across the line, it's a pretty diverse set of methods that wind up
> working for them.
> 
> On Mon, Dec 07, 2015 at 11:56:34AM -0800, Noah Kantrowitz wrote:
> > I wrote up some thoughts that have been brewing in my head for a bit on 
> > making a truly transparent/generic ACME client, would love more eyes on it 
> > in the hopes I've missed an option here: 
> > https://coderanger.net/better-lets-encrypt/
> >
> > --Noah
> >
> 
> 
> 
> > _______________________________________________
> > Acme mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/acme
> 
> 
> --
> Peter Eckersley                            [email protected]
> Chief Computer Scientist          Tel  +1 415 436 9333 x131
> Electronic Frontier Foundation    Fax  +1 415 436 9993
> 
> --
> konklone.com | @konklone

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
