That's a Let's Encrypt rather than an ACME one, but to answer for Let's Encrypt: soon! We're working on it. Followup to https://community.letsencrypt.org/ if you have more questions?
Thanks, Jacob On 12/11/2015 02:17 PM, Thomas Lußnig wrote: > Hi, > > are there any information when DNS challenge will be available ? > > Gruß Thomas > > Am 11.12.2015 um 23:03 schrieb Jacob Hoffman-Andrews: >> On 12/11/2015 12:50 PM, Michael Wyraz wrote: >>> I'm new to this mailing list. Today I started a discussion on IRC about >>> the fact that ACME with http-01 won't work if the A record points to an >>> intranet IP address >> In general, publicly trusted CAs are supposed to verify that a name is >> available on the public Internet. >> >>> or is resolved dynamically dependent on geo locations or similar. >> This is a potential issue, and is similar to recently discussed issue >> about choosing from multiple available IPs, but is a harder problem to >> solve. If you push a challenge to just one geo region, a validation >> attempt from a different geo region may not see any relevant IPs. >> >>> The idea to solve these issues is simple: why not using some special >>> dns >>> record to resolve an URL that is responsible for ACME-challenges for a >>> certian domain? This is more flexible than building the URL based on >>> A-Record on a fixed scheme. >> If you're willing to accept a dependency on DNS, it makes sense to just >> use the DNS challenge instead. I think that's probably the ideal >> solution for services that have many frontends and do geo load >> balancing. >> >> _______________________________________________ >> Acme mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/acme > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > _______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
