Julien,
Julien Lepiller wrote:
Was it… DNS-01 challenges? That doesn't even care about IPs at
all.
> Does it mean we need to manually update the zone?
I was about to write ‘no, ha ha, imagine that’, but then I
remembered that you're using the Guix service configuration
wrappers which do hard-code the zone data in the system
configuration :-/
You can always delegate a subdomain just for the ACME challenges,
though, and have that statefully updated by a certbot hook. I'm
being vague because I don't know the exact names, but it's
completely supported.
> How do you automate that process?
Me personally? RFC-2136 (‘nsupdate’) dynamic updates, allowed
only from localhost. But I never use Guix's service configuration
wrappers.
Kind regards,
T G-R
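
The setup described in the message above, sketched as a certbot manual hook. This is an added example, not code from the message or from Guix. It assumes `_acme-challenge.<domain>` is delegated as its own zone to a name server on the same host that accepts RFC 2136 updates from localhost (`nsupdate -l`), and the `cleanup` argument is a hypothetical convention for telling the two hooks apart.

```shell
#!/bin/sh
# Added example: one script used for both certbot --manual-auth-hook and
# --manual-cleanup-hook (pass "cleanup" as the first argument for the latter;
# that argument is a hypothetical convention, not a certbot feature).
# Assumption: _acme-challenge.<domain> is a delegated zone served locally.

# Print the nsupdate commands for one challenge record.
#   $1 = add|delete   $2 = domain being validated   $3 = validation token
acme_nsupdate_script() {
    action=$1 domain=${2#\*.} token=$3
    case $action in add|delete) ;; *) return 2 ;; esac
    # Refuse anything outside hostname / base64url characters, so a crafted
    # value cannot smuggle extra lines or quotes into the update script.
    case $domain in ''|*[!A-Za-z0-9.-]*) return 2 ;; esac
    case $token in ''|*[!A-Za-z0-9_-]*) return 2 ;; esac
    name="_acme-challenge.${domain%.}."
    printf 'zone %s\n' "$name"
    if [ "$action" = add ]; then
        printf 'update add %s 60 TXT "%s"\n' "$name" "$token"
    else
        printf 'update delete %s TXT "%s"\n' "$name" "$token"
    fi
    printf 'send\n'
}

# certbot exports these variables to manual hooks; do nothing otherwise.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    if [ "${1:-}" = cleanup ]; then action=delete; else action=add; fi
    script=$(acme_nsupdate_script "$action" "$CERTBOT_DOMAIN" \
        "$CERTBOT_VALIDATION") || exit 1
    # -l: talk to the local server only, using its session key.
    printf '%s\n' "$script" | nsupdate -l || exit 1
fi
```

Because only the `_acme-challenge` zone is updated dynamically, the main zone data can stay fixed in the system configuration.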