Some additions, sorry I'm bad with writing messages:
> This will allow to issue certs without open ports or
Sorry, was distracted and forgot that I didn't finish that,
I meant that it allows having the benefits of DNS-01 without relying
on having separate code for each DNS provider in something like dpapi,
and without waiting for DNS propagation each time, which is important
as people shift towards certificate lifetimes as low as 7 days.
> It is already basically implemented,
Still pretty WIP though.
> but I still want to wait some time before merging
> Let's Encrypt stated that they will implement it this year.
Waiting on support in Let's Encrypt Pebble at least.
> My branch assumes that DNS records are already propagated,
Now I am thinking that this probably doesn't matter much, my concern
was about CA rate limiting during retries, if anyone has a problem
with that it could serve as an improvement later.
---
I found that iterating over arrays with mjson is kinda not efficient?
And also pretty clunky... I mean it doesn't matter here really, at all,
but with the removed mjson_next it is slightly better than using sprintf...
Though the API is still pretty baaaad,
I tried to use mjson_next as an experiment on my branch,
to see what it looks like, it is still clunky but at least makes more sense.
IDK if I would keep that though, what do you think?
BTW I want to mention yyjson: https://github.com/ibireme/yyjson
Just in case you didn't hear about it. I don't really suggest
integrating it, at this point at least, it is larger and the code is
extremely hard to read, but if you plan to use JSON in more places in
the future it may be worth looking into it, as it is about infinite
times faster (tm)
---
DNS-PERSIST-01 optionally allows setting an expiration date on the record,
so there is a possible point for integration with dpapi.
Honestly I don't see a reason to use that, DNS-01 already exists,
but if there is a use case, integration with dpapi could be added later.
I won't implement that at this point because I don't know how and why
and I don't care. I will look into doing that later though if it isn't
hard to do.