Hi,
I have a feature request which I thought I'd discuss here before
creating a ticket.
I use Letsencrypt with the DNS01 challenge, so I can get certs for
internal DNS names which are not reachable over the Internet.
To avoid making all my zones subject to dynamic updates, I use CNAME
records to point to a single dynamic domain. Say my dynamic update zone
is "acme.example.com", but I want to issue a cert for "www.foo.com". I
add a CNAME record like this:
_acme-challenge.www.foo.com. CNAME _acme-challenge.www.foo.com.acme.example.com.
Then I configure the nsupdate request to put the TXT record under
_acme-challenge.www.foo.com.acme.example.com. instead of
_acme-challenge.www.foo.com. When using dehydrated or acme.sh, that's
just a question of configuring the challenge script properly.
This all works nicely, and is pretty standard: e.g.
https://www.crc.id.au/using-centralised-management-with-lets-encrypt/
Unfortunately in the pfSense (2.4.1) GUI, I can't see a way to configure
this.
I would like either:
- an extra setting for "dynamic update zone", which is appended to the
nsupdate name
- an override for the whole name (i.e. can replace
_acme-challenge.www.foo.com with an arbitrary nsupdate target)
Does this sound reasonable?
Thanks,
Brian.
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
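Added illustration of the delegation Brian describes, written as a dehydrated-style hook script. It is not part of his message and not pfSense or dehydrated code. The setting names ACME_DYN_ZONE, ACME_NSUPDATE_NAME, NSUPDATE_SERVER, NSUPDATE_KEY and ACME_TTL, the server name ns1.example.com and the key path /etc/acme/update.key are assumed for the example; the record names follow the ones used in the post.

```shell
#!/bin/sh
# Example dehydrated-style hook (added illustration, not pfSense's or dehydrated's
# own code). Instead of writing the DNS-01 TXT record under
# _acme-challenge.<domain>, it writes it under the delegated name inside a
# single dynamic-update zone, which _acme-challenge.<domain> points to via CNAME:
#   _acme-challenge.www.foo.com. CNAME _acme-challenge.www.foo.com.acme.example.com.
#
# Assumed settings (hypothetical names; adjust to your environment):
ACME_DYN_ZONE="${ACME_DYN_ZONE:-acme.example.com}"   # zone that accepts dynamic updates
NSUPDATE_SERVER="${NSUPDATE_SERVER:-ns1.example.com}" # primary for that zone (hypothetical)
NSUPDATE_KEY="${NSUPDATE_KEY:-/etc/acme/update.key}"  # TSIG key file (hypothetical path)
ACME_TTL="${ACME_TTL:-60}"

# Owner name of the TXT record for DOMAIN: either the whole-name override
# ACME_NSUPDATE_NAME (Brian's second option) or _acme-challenge.DOMAIN with the
# dynamic-update zone appended (his first option). Always returns a FQDN with a
# trailing dot so nsupdate does not append a default origin.
delegated_name() {
    domain="$1"
    if [ -n "${ACME_NSUPDATE_NAME:-}" ]; then
        printf '%s.\n' "${ACME_NSUPDATE_NAME%.}"
    else
        printf '_acme-challenge.%s.%s.\n' "${domain%.}" "${ACME_DYN_ZONE%.}"
    fi
}

# Print the nsupdate command batch for ACTION ("add" or "delete") on stdout.
# The "zone" statement names the dynamic zone, not DOMAIN's zone: the TXT
# record lives in acme.example.com, so that is the only zone the TSIG key
# needs update rights on.
nsupdate_script() {
    action="$1"; domain="$2"; token="$3"
    name=$(delegated_name "$domain")
    printf 'server %s\n' "$NSUPDATE_SERVER"
    printf 'zone %s.\n' "${ACME_DYN_ZONE%.}"
    if [ "$action" = add ]; then
        printf 'update add %s %s IN TXT "%s"\n' "$name" "$ACME_TTL" "$token"
    else
        printf 'update delete %s IN TXT "%s"\n' "$name" "$token"
    fi
    printf 'send\n'
}

# dehydrated calls: hook.sh deploy_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
deploy_challenge() {
    nsupdate_script add "$1" "$3" | nsupdate -k "$NSUPDATE_KEY"
}

# dehydrated calls: hook.sh clean_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
clean_challenge() {
    nsupdate_script delete "$1" "$3" | nsupdate -k "$NSUPDATE_KEY"
}

case "${1:-}" in
    deploy_challenge|clean_challenge) "$@" ;;
esac
```

Before relying on the hook, confirm the delegation from the outside with `dig +short CNAME _acme-challenge.www.foo.com`, which should print `_acme-challenge.www.foo.com.acme.example.com.`; Let's Encrypt follows that CNAME when it looks up the TXT record. The point of scoping the `zone` statement (and the TSIG key's update policy) to acme.example.com is that a compromised ACME client can only write throwaway TXT records there and cannot alter the real foo.com zone.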