Ludo', Guix,
Ludovic Courtès wrote:
Ricardo Wurmus <[email protected]> wrote:
“certbot” can be used with manual DNS validation, which requires us to deploy a DNS TXT record. This can be automated with certbot hooks (scripts that have access to the token that should be published via environment variables) or through JSON mode, which returns an object with the token that can be processed through other means.
I didn’t know about all this! Looks like our Certbot service doesn’t support it though?
Not out of the box, and last time I checked vanilla certbot didn't provide an nsupdate (RFC2136) hook alongside all the DNSaaS API rubbish.
But it's certainly possible, and wonderfully stable once set up. t.gr runs entirely on GuixSD + Knot + DNS-validated LE certs.
Kind regards,
T G-R
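
The hook approach discussed in this thread, as an added example that is not code from any of the posters, from Guix or from certbot: a script usable as both `--manual-auth-hook` and `--manual-cleanup-hook` that publishes the validation token with nsupdate (RFC 2136). `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are the variables certbot exports to manual hooks; the server address, TSIG key path, TTL and the `add`/`delete` argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: certbot manual hook that drives nsupdate (RFC 2136).
# Assumed defaults, not from the thread: override via the environment.
DNS_SERVER="${DNS_SERVER:-127.0.0.1}"
TSIG_KEY="${TSIG_KEY:-/etc/acme/tsig.key}"   # hypothetical key file path
TTL="${TTL:-60}"

# Fully qualified name of the TXT record for a domain.
# A leading "*." is stripped: the challenge record for a wildcard name
# lives under the base name.
acme_record() {
    name=${1#\*.}
    printf '_acme-challenge.%s.' "$name"
}

# Print the nsupdate batch for "add" or "delete" of one token.
nsupdate_batch() {
    action="$1" domain="$2" token="$3"
    # Tokens are base64url. Reject anything else so a value from the
    # environment can never smuggle extra nsupdate commands into the batch.
    case "$token" in
        ''|*[!A-Za-z0-9_-]*) echo "bad token" >&2; return 1 ;;
    esac
    case "$domain" in
        ''|*[!A-Za-z0-9.*-]*) echo "bad domain" >&2; return 1 ;;
    esac
    record=$(acme_record "$domain")
    case "$action" in
        add)    update="update add $record $TTL IN TXT \"$token\"" ;;
        # Delete only this token's record, leaving any other pending
        # challenge for the same name in place.
        delete) update="update delete $record IN TXT \"$token\"" ;;
        *)      echo "usage: $0 add|delete" >&2; return 1 ;;
    esac
    printf 'server %s\n%s\nsend\n' "$DNS_SERVER" "$update"
}

# Act only when certbot invoked us as a hook (it sets CERTBOT_DOMAIN).
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    nsupdate_batch "${1:-add}" "$CERTBOT_DOMAIN" "${CERTBOT_VALIDATION:-}" \
        | nsupdate -k "$TSIG_KEY"
fi
```

Saved under a path of your choosing, it would be passed to `certbot certonly --manual --preferred-challenges dns` as `--manual-auth-hook "<script> add"` and `--manual-cleanup-hook "<script> delete"`. The TSIG key should be scoped on the DNS server to updating `_acme-challenge` TXT records only.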