dns_challenge_override_domain: clarify expected domain and DNS plugin support #367
For context: I have a CNAME record that makes `_acme-challenge.domain1.com` point to `_acme-challenge.domain2.com`.

When I was searching online for how to use DNS-01 challenge delegation with Caddy, I was constantly running into pages about DuckDNS plugin's support for this feature (e.g. https://caddy.community/t/can-i-use-dns-alias-mode-to-issue-a-cert-with-caddy/11877). For some reason the `dns_challenge_override_domain` config option (added in Support for DNS challenge delegation caddy#4071) didn't really pop up in my searches until today, and even then I thought I would have to patch the OVH plugin, since it wasn't logging any errors with the override domain set to `domain2.com`. It would just time out and throw an error: `no memory of presenting a DNS record for "domain2.com" (usually OK if presenting also failed)`.

This post: https://caddy.community/t/global-dns-challenge-and-dns-challenge-override-domain/16773/3 was written for DuckDNS plugin's own `override_domain` option, and as such it said that `_acme-challenge` mustn't be prepended to that option's value in Caddyfile. I initially assumed this would be true for OVH plugin as well, despite not having custom override code in it.

On the other hand, this post: https://caddy.community/t/issuing-a-cert-with-the-dns-challenge-override-domain-directive-is-not-working-while-possible-to-issue-a-cert-for-the-alias-domain-itself/18477/2 made it clear to me that the domain set for Caddy's own `dns_challenge_override_domain` will be used as-is with (any?) DNS plugin.

That was pretty confusing, so I think it would be good to have it clarified in official docs.