Let's Encrypt also supports the dns-01 challenge[1] that doesn't require
any publicly available IPs. Using dns verification is required to obtain a
Let's Encrypt wildcard certificate.

While I tend to prefer using the dns-01 challenge approach
when possible, not all DNS providers have made it easy to
accomplish (the certbot folk have implementations for a
number of the major DNS providers, and one can sometimes
find other 3rd party code for others, but it can still be hard
to set up and use, which means just enough additional
impedance that sometimes people will choose not to use it;
I can't blame them, as sometimes free has a higher cost
than having someone else order the cert from one of
the non-free CAs).

fwiw, IME, one of the lowest-friction dns-challenge tools I've recommended,
and see actually getting used by clients, is acme.sh,

        https://github.com/acmesh-official/acme.sh#user-content-8-automatic-dns-api-integration

which supports 'most' of the big dns apis,

        https://github.com/acmesh-official/acme.sh/wiki/dnsapi

and, when not an option, is fairly trivial to use manually

        
https://github.com/acmesh-official/acme.sh#user-content-9-use-dns-manual-mode
        https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode

all of this with no cumbersome python, go, webserver, etc deps.  just bash 
shell.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
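An added example, not part of the message above and not acme.sh code: what a dns-01 validation needs published in DNS, following RFC 8555 section 8.4, which is the record a manual-mode run asks you to create by hand. It goes slightly beyond the thread by showing that a wildcard name and its base name share one record name; the tokens and account thumbprint are constructed sample values.

```python
import base64
import hashlib


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME (RFC 8555) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def dns01_record(identifier: str, token: str, thumbprint: str) -> tuple[str, str]:
    """Return (TXT record name, TXT record value) for one dns-01 challenge."""
    # A wildcard is validated at its base name: "*.example.com" and
    # "example.com" both use _acme-challenge.example.com.
    base = identifier[2:] if identifier.startswith("*.") else identifier
    name = "_acme-challenge." + base.rstrip(".").lower()
    # Key authorization = challenge token + "." + account key thumbprint.
    key_authorization = f"{token}.{thumbprint}"
    value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    return name, value


def plan_records(challenges: dict[str, str], thumbprint: str) -> dict[str, list[str]]:
    """Group TXT values by record name; one name can need several values."""
    plan: dict[str, list[str]] = {}
    for identifier, token in challenges.items():
        name, value = dns01_record(identifier, token, thumbprint)
        plan.setdefault(name, []).append(value)
    return plan


# Constructed sample input: made-up tokens and thumbprint, not from a real CA.
SAMPLE_THUMBPRINT = b64url(hashlib.sha256(b"constructed-account-key").digest())
SAMPLE_CHALLENGES = {
    "example.com": "constructed-token-for-base-name",
    "*.example.com": "constructed-token-for-wildcard",
}

if __name__ == "__main__":
    for name, values in plan_records(SAMPLE_CHALLENGES, SAMPLE_THUMBPRINT).items():
        for value in values:
            # Zone-file style line; the 300 second TTL is an arbitrary choice.
            print(f'{name}. 300 IN TXT "{value}"')
```

Both TXT values have to be present at the same record name at validation time, so a DNS provider API or manual edit that overwrites the record instead of adding a second value will fail one of the two authorizations.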