Where NS8 is deployed behind a reverse-proxy that blocks HTTP-based ACME challenges, the DNS-based challenge is desirable. This scenario often occurs with on-premise NethVoice installations.
It is already possible to switch HTTP-based ACME challenge type from API with set-acme-server action. It is also possible to configure the DNS-01 challenge.
Proposed solution
Implement ACME challenge type selection and full configuration in the cluster-admin TLS certificates page.
Alternative solutions
Continue to rely on CLI-based configurations.
Additional context
The UI already provides a table for ACME server URL configuration, often used to switch to LE Staging environment for testing/development purposes.
See also
Where NS8 is deployed behind a reverse-proxy that blocks HTTP-based ACME challenges, the DNS-based challenge is desirable. This scenario often occurs with on-premise NethVoice installations.
It is already possible to switch HTTP-based ACME challenge type from API with
set-acme-serveraction. It is also possible to configure the DNS-01 challenge.Proposed solution
Implement ACME challenge type selection and full configuration in the cluster-admin TLS certificates page.
Alternative solutions
Continue to rely on CLI-based configurations.
Additional context
The UI already provides a table for ACME server URL configuration, often used to switch to LE Staging environment for testing/development purposes.
See also