Mark Tomlin <[email protected]> wrote: > I have a bit of a feature request for you all. It's actually to remove > the hyphen from the TXT records to make it easier to copy and paste into a > DNS server record. Here's my scenario. I ran the following command on my > server (Ubuntu 20.04) that as you can see has cerbot on it and a large > number of domains to cover.
It is annoying, and I've run into the same problem as well.
The challenge is a base64url encoded (RFC4648) nonce. It is preferred by web
programmers because it does not use + or /, which are special in URLs.
The base64 alphabet doesn't use -, but does use + and /, but which would
copy and paste better.
The format and contents of the nonce are not mandated by RFC8555, so
LetsEncrypt change this in many different ways.
It would be a unilateral decision on the ACME server only.
I actually think that BASE32 encoding would probably better: you could
probably write a pull-request to the letencrypt code base to do this.
I don't know how they would feel about this, but it would be worth learning.
> Please deploy a DNS TXT record under the name
> _acme-challenge.mimocad.io with the following value:
> 6-K6v7VjtVpGhJk4d6Zx8qxsg6JFUZbGnnr-bDpKpSc
What annoyed me here when renewing a system with 10 different aliases is that
I don't know when I've gotten to the last one. I should be shown all
10 at the same time, so that I can put them all in place, and then reload the
zone. Instead, I count (badly), reload the zone too late or too soon...
Even better if they add the entire DNS presentation lines so that
I could copy&paste the entire set.
But, again, this is a client code issue, and not a protocol issue.
I have since bit the bullet and gotten nsupdate to do the right thing,
and it now autorenews on it's own, as Ghod intended.
--
Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
signature.asc
Description: PGP signature
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
