Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ACME-DNS: Verify that CNAME for challenge maps correctly #1070

Closed
ericcan opened this issue Mar 14, 2019 · 3 comments
Closed

ACME-DNS: Verify that CNAME for challenge maps correctly #1070

ericcan opened this issue Mar 14, 2019 · 3 comments
Assignees
@WouterTinus
Labels
enhancement
Milestone
2.0.5

Comments

@ericcan
Copy link
Contributor

ericcan commented Mar 14, 2019

The following is a feature request.

Current behavior:
In AcmeDnsClient, the user is instructed in the case of a new acme-dns registration to create a CNAME for the _acme-challenge subdomain. In the case of an existing registration, the user is shown a message that says what the mapping should be.

Proposed behavior:
New registration: Once the user confirms they have set up the CNAME record, we could

  1. Look up the DNS CNAME record on the _acme-challenge subdomain
  2. Report the result of the query
  3. If it matches what is registered, confirm that it is correct
  4. If it doesn't match, restate what the mapping should be and give user the option to retry (to allow for rechecking DNS records or just to give additional time for the change to propagate) or ignore.

Existing registration: we would eliminate the message saying what the map should be. Instead, we would do a DNS lookup, report the result, and if not correct give an option to retry or ignore, as above.

This test (without the retry/ignore) could be added to unattended mode as well for informational purposes.
@ericcan ericcan mentioned this issue Mar 14, 2019
Closed
@WouterTinus WouterTinus self-assigned this Mar 17, 2019
@WouterTinus
Copy link
Member

Great idea, this can even open up the the acmedns-plugin to unattended operation, at least for pre-configured domains. We can start implementing this after the improved DNS resolver lands (#1067).

@WouterTinus
Copy link
Member

The interactive part is done, some support for unattended mode should still be added.

@WouterTinus WouterTinus added this to the 2.0.5 milestone Mar 19, 2019
@WouterTinus
Copy link
Member

Released in 2.0.5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@WouterTinus WouterTinus

Labels
enhancement
Projects
None yet
Milestone
2.0.5
Development

No branches or pull requests
2 participants
@WouterTinus @ericcan