No, the way these tools would get used is on the actual edge/termination servers which I generally wouldn't want to give access to DNS for security reasons. DNS validation would definitely help with zero-downtime updates overall though, but would require some level of central command and control system to keep it all organized. That would be awesome for people using primarily API-driven termination points though, like AWS ELBs or a Fastly CDN.

--Noah

> On Dec 7, 2015, at 2:00 PM, Eric Mill <[email protected]> wrote:
>
> Would a DNS-based validation process (part of the ACME spec, but not yet
> implemented for LE) make your problems go away?
>
> -- Eric
>
> On Mon, Dec 7, 2015 at 3:12 PM, Peter Eckersley <[email protected]> wrote:
> One thing I'll say that we've learned from supporting the official
> letsencrypt client is that different types of "simple" work for
> different people. On Ubuntu 14.04, which is our most popular platform,
> the breakdown of authenticator plugins used when successfully obtaining
> certs is like this:
>
> 34% use the Apache plugin (also supports cert installation)
> 32% use the "standalone" plugin
> 23% use the "webroot" plugin
> 6% use "manual" plugin
> 5% use the third party Plesk plugin (also supports cert installation)
>
> Similarly in support forums, when people have trouble but can be helped
> across the line, it's a pretty diverse set of methods that wind up
> working for them.
>
> On Mon, Dec 07, 2015 at 11:56:34AM -0800, Noah Kantrowitz wrote:
> > I wrote up some thoughts that have been brewing in my head for a bit on
> > making a truly transparent/generic ACME client, would love more eyes on it
> > in the hopes I've missed an option here:
> > https://coderanger.net/better-lets-encrypt/
> >
> > --Noah
> >
> > _______________________________________________
> > Acme mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/acme
>
> --
> Peter Eckersley [email protected]
> Chief Computer Scientist Tel +1 415 436 9333 x131
> Electronic Frontier Foundation Fax +1 415 436 9993
>
> --
> konklone.com | @konklone
