README: Add Lego to supported clients #94
That's awesome news! Thanks for writing the Lego acme-dns provider! For this PR: I would prefer alphabetical order for the client entries, could you make that change?
@joohoi NP! For what it's worth I switched all of my personal infrastructure over to using Lego + ACME-DNS the other day. Worked great :-) It's nice to be using ACME v2 and wildcard certificates for my own servers finally. Thanks again for the excellent project.
Sure thing, fixed in 247a38c
Sounds good! I wonder if Lego gives dns providers access to the account details. I have been sketching out a plan to suggest users to add CAA record including ACME CAA extensions, namely the I'm planning to host a public instance at some point when the ACME CAA extensions are turned on in Let's Encrypt production.
The Lego It's probably doable but I think maybe handling it at the challenge provider level vs as part of the broader client challenge solving process might be a mismatch.
Thanks for the info! It's exactly the same thing with Certbot hooks. It might be easier to just document around it and tell users where to find the account information then.
FWIW, this is a really cool idea. But why would the provider need access to the account details? Doesn't registering a new domain with acme-dns require manually adding CNAME records to the host CA anyway? That's the step where the CAA record would be added, right? If you're serving the CAA records with acme-dns that doesn't really make it safe to use a third-party instance since a malicious acme-dns server could just alter the CAA record whenever it wants to misbehave.
The idea is to instruct the user to add the correct
Ah, yeah I see. Yes, it would certainly be nice if the CLI could tell you exactly what CAA record to add.
* README: Add Lego to supported clients
* README: List clients in alpha sort
The Lego ACME client/library supports ACME-DNS as of go-acme/lego@04e2d74 🎉