Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Feature: surrogate validation domain/zone support #369
Using DNS validation it can be useful to have a surrogate domain for validation only, this means that DNS API credentials only have access to the validation domain/subdomain instead of the real domain DNS.
Currently Certify DNS api's will attempt to create/update the TXT record in the 'domain.com' zone related to the API credentials, if the credentials actually apply to the surrogate domain zone 'validation.domain.com' this fails because 'domain.com' is not found in the zone.
The app needs to allow an optional surrogate domain to be specified for validation to allow for this case.
As an extension to this idea, the proposed solution for CNAME redirection is to provide a hosted/managed service for DNS validation:
This approach is similar to acme-dns, but perhaps simpler.
Proposal is to host the redirected TXT records within AWS Route53 or other cloud DNS providers.