Ludovic Courtès writes:

>> The problem with naive Let’s Encrypt updates is that automatic
>> challenges might fail when the “wrong” server is returned by the DNS
>> server. “certbot” can be used with manual DNS validation, which
>> requires us to deploy a DNS TXT record. This can be automated with
>> certbot hooks (scripts that have access to the token that should be
>> published via environment variables) or through JSON mode, which returns
>> an object with the token that can be processed through other means.
>
> I didn’t know about all this! Looks like our Certbot service doesn’t
> support it though?

That’s right. The question is what we want to do in the auth hook when
this is performed in the service. We could just punt and have the user
supply the path to a custom hook script.

> Let’s see if we can bring more knowledgeable people on board…

Yes please! :)

--
Ricardo
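
A sketch of the kind of custom hook script discussed in the message above, added here as an illustration; it is not code from this thread or from the Certbot service. It assumes the zone accepts RFC 2136 dynamic updates through `nsupdate`; `DNS_SERVER` and `TSIG_KEY` are hypothetical placeholders, while `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are the variables certbot exports to manual hooks.

```shell
#!/bin/sh
# Added example: certbot manual auth/cleanup hook that publishes the DNS-01
# token by dynamic update. Intended use (script path is an assumption):
#   certbot certonly --manual --preferred-challenges dns \
#     --manual-auth-hook "hook.sh auth" --manual-cleanup-hook "hook.sh cleanup"

DNS_SERVER="${DNS_SERVER:-ns1.example.org}"            # assumed placeholder
TSIG_KEY="${TSIG_KEY:-/etc/certbot/acme-update.key}"   # assumed placeholder

# Name of the TXT record for a domain (RFC 8555, section 8.4). A leading
# "*." is stripped defensively; wildcard names validate at the base domain.
challenge_name() {
    printf '_acme-challenge.%s.' "${1#\*.}"
}

# Accept only a plain hostname and an unpadded base64url SHA-256 digest, so
# environment values can never inject extra lines into the nsupdate batch.
valid_inputs() {
    case "$1" in ''|*[!A-Za-z0-9.*-]*) return 1 ;; esac
    case "$2" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    [ "${#2}" -eq 43 ]
}

# Emit the nsupdate batch: $1 = add|delete, $2 = domain, $3 = token.
nsupdate_batch() {
    valid_inputs "$2" "$3" || return 1
    printf 'server %s\n' "$DNS_SERVER"
    printf 'update %s %s 60 TXT "%s"\n' "$1" "$(challenge_name "$2")" "$3"
    printf 'send\n'
}

# Entry point: "auth" publishes the record, "cleanup" removes it again.
run_hook() {
    case "$1" in
        auth)    action=add ;;
        cleanup) action=delete ;;
        *)       echo "usage: $0 auth|cleanup" >&2; return 2 ;;
    esac
    batch=$(nsupdate_batch "$action" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION") || {
        echo "refusing malformed CERTBOT_* values" >&2; return 1; }
    printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEY"
}

# Only act when invoked with a mode argument (as certbot would do).
if [ $# -gt 0 ]; then run_hook "$@"; fi
```

The TSIG key should be scoped on the DNS server to updating `_acme-challenge` TXT records only, so that a compromised hook host cannot rewrite the rest of the zone.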
