Paul,
On 9/20/23 14:41, Paul Hoffman wrote:
I also do find the value of using selfsigned certs over ACME certs
on the auth server pretty low. It's pretty easy to give a nameserver
with a static name an automatic ACME based certificate. With the
"opportunistic" part being that if the cert fails, to go back to do53.
Is there widespread availability for "ACME certs" for authoritative DNS name
servers that have no web server component reasonably available now? When I looked a few
years ago, they weren't at all.
Yes, via the DNS challenge, which shouldn't really be a challenge for an auth:
https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
Peter
--
https://desec.io/
_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
