Deprecate "get-certs" (Let's Encrypt) support #1400
Comments
It's really a good feature!... We can manage all domain-related things like (manage DNS + certificate) in one place!... Please for now don't remove it!.... Unless it breaks! |
I didn't even know this feature existed. I think this should not be the concern of DNSControl. For me, DNSControl is an application that is intended to be primarily run in CI. Thus, I don't see how issuing certificates would be beneficial. This is a concern of a load balancer or any other public-facing server. There are other projects that are better at fulfilling this need, e.g., cert-manager. On that note: I'm also not quite sure whether I like the deep integration with Cloudflare's redirects and workers. But I can see how that's related to DNSControl's goal. Both are redirects/routes in a way. |
Removing it when it breaks sounds like a terrible idea. People would be stranded. We'd rather give people advance warning so they can remove it on their schedule. (Which is why we're starting the discussion now.) |
The motivation was: Let's Encrypt DNS01 requires the ability to talk to your DNS Provider, and dnscontrol already does that; it seems like a good match. |
Oh sorry, I'm not giving any idea!... I'm just saying if no one steps forward to maintain it!... Then maybe removing it is the only option! |
It's useful! At least in private orgs |
That's not what I was trying to suggest, sorry for causing confusion here.
Certbot supports DNS01 domain verification too. So there's really no benefit in using DNSControl. The other tools are more widely used for this purpose too, so finding help and integrations is a lot easier with them. |
I've decided to deprecate this feature.
I haven't set a specific date but it will most likely be early 2023. I'd like to thank @captncraig for the original implementation. It's high-quality code and one of the first DNS-01 implementations. |
Certbot uses Python plugins for the DNS request. I think, without having Python knowledge, it would be easy to write a plugin for dnscontrol. I took a look at https://github.com/siilike/certbot-dns-standalone and it seems no magic. In this case certbot would do all the certificate stuff and dnscontrol would publish and remove the DNS records for verification. Just my two cents. |
I haven't counted lately but last I checked, certbot supported more providers than DNSControl. What would the benefit be of having certbot call dnscontrol? |
It makes it easier to configure certbot, if you already have configured DNSControl. I think "DNSControl will achieve world domination" :smile: and will soon support more providers than certbot. :grin: |
I hate to be a bummer but... I'm not interested in world domination. I'm interested in doing a few specific tasks well. A tight coupling between certbot and dnscontrol sounds like a support nightmare. |
@tlimoncelli, should we phase out this feature? |
Update: |
We are considering removing this feature in the future.
Why:
Post your thoughts in the comments.
DECISION: get-certs/ACME support is frozen and will be removed without notice between now and July 2025.