On Sat, Apr 05, 2025 at 07:38:19AM -0700, Bill Sommerfeld via mailop wrote:
> On 4/5/25 06:42, Lyle Giese via mailop wrote:
> > Let's Encrypt requires (according to documentation I have seen) Port 80
> > TCP be in use for verification. I have no other legit use for Port 80
> > on this smart host and decided a long time ago not to use Let's Encrypt
> > for that reason.
>
> That's true for the HTTP-01 challenge type, but Let's Encrypt also allows
> the use of other challenge types.
>
> The DNS-01 challenge protocol verifies domain ownership through DNS by
> having you add a TXT record to your domain for each certificate request.
>
> I found it a bit annoying to automate it, but it's a better setup for me than
> running a bunch of otherwise-useless HTTP servers.
>
> See https://letsencrypt.org/docs/challenge-types/ for more information.
I think the key point here is that you can delegate _acme-challenge. In my case I delegate that to the host itself, and as I am running PowerDNS there anyway I then use an acme-specific Lua backend to get the challenge TXT record from a file written by (a modified) acme-tiny.py. Works really well for me.

Christof

-- 
https://cmeerw.org
sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org
xmpp:cmeerw at cmeerw.org

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
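The flow Christof describes, as an added example written for this page (it is not his code, not acme-tiny, and not PowerDNS's Lua backend API): the ACME client computes the DNS-01 TXT value from the challenge token and the account key thumbprint (RFC 8555 section 8.4, RFC 7638) and writes it to a file; a file-backed lookup stands in for the DNS backend on the delegated host; and a small resolver model shows how the CA's query reaches that host through an NS delegation (or a CNAME chained into it) of `_acme-challenge`. The JSON challenge-file format, the zone contents, the `example.org` names, the JWK values and the token are all constructed for the example; a real deployment swaps `file_backend_lookup` for whatever the authoritative server reads. The CNAME hop limit is the one check a practitioner should keep: a mis-pointed delegation can otherwise loop.

```python
import base64
import hashlib
import json
import os
import tempfile


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses everywhere (RFC 8555 / RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def account_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over canonical JSON of the required public members."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """RFC 8555 s8.4: TXT rdata = base64url(SHA-256(token "." thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


# --- ACME client side: publish the value through a file the DNS backend reads ---

def write_challenge_file(path: str, records: dict) -> None:
    """records maps a lowercase owner name (trailing dot) to a list of TXT strings.
    Hypothetical JSON format: the acme-tiny patch in the thread is not shown."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump(records, fh)
    os.replace(tmp, path)  # atomic rename: the backend never reads a half-written file


def file_backend_lookup(path: str, qname: str, qtype: str) -> list:
    """Stand-in for the delegated host's DNS backend: TXT answers come from the file."""
    if qtype != "TXT":
        return []
    try:
        with open(path) as fh:
            return json.load(fh).get(qname.lower(), [])
    except FileNotFoundError:
        return []


# --- resolver model: a static parent zone plus names delegated to another server ---

class Zone:
    def __init__(self, records: dict, delegations: dict):
        self.records = records          # {(owner, type): [rdata, ...]}, owners lowercase
        self.delegations = delegations  # {owner: lookup(qname, qtype)} for NS-delegated names


def resolve_txt(zone: Zone, qname: str, max_hops: int = 8) -> list:
    """Follow CNAMEs (bounded) and hand delegated names to their own server."""
    qname = qname.lower()
    for _ in range(max_hops):
        if qname in zone.delegations:          # NS delegation: ask the delegated host
            return zone.delegations[qname](qname, "TXT")
        cname = zone.records.get((qname, "CNAME"))
        if cname:
            qname = cname[0].lower()
            continue
        return zone.records.get((qname, "TXT"), [])
    raise RuntimeError("CNAME chain too long: " + qname)


def validate_dns01(zone: Zone, domain: str, token: str, thumbprint: str) -> bool:
    """What the CA does: query _acme-challenge.<domain> and look for the expected value."""
    expected = dns01_txt_value(token, thumbprint)
    return expected in resolve_txt(zone, f"_acme-challenge.{domain}.")


def demo() -> tuple:
    # Constructed account key (illustrative P-256 coordinates, not a real key) and tokens.
    jwk = {"kty": "EC", "crv": "P-256",
           "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
           "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}
    thumb = account_thumbprint(jwk)
    host_token = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
    apex_token = "DGyRejmCefe7v4NfDGDKfA"
    owner = "_acme-challenge.smarthost.example.org."  # the name delegated to the host itself
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "acme-challenge.json")
        # One TXT per pending challenge; several may coexist under the same owner.
        write_challenge_file(path, {owner: [dns01_txt_value(host_token, thumb),
                                            dns01_txt_value(apex_token, thumb)]})
        zone = Zone(
            records={("smarthost.example.org.", "A"): ["192.0.2.25"],
                     # the apex's challenge name is CNAMEd into the delegated name
                     ("_acme-challenge.example.org.", "CNAME"): [owner]},
            delegations={owner: lambda q, t: file_backend_lookup(path, q, t)},
        )
        via_ns = validate_dns01(zone, "smarthost.example.org", host_token, thumb)
        wrong = validate_dns01(zone, "smarthost.example.org", "not-the-token", thumb)
        via_cname = validate_dns01(zone, "example.org", apex_token, thumb)
    return via_ns, wrong, via_cname


if __name__ == "__main__":
    print(demo())
```

Only the host that holds the private half of the account key can produce a value the CA accepts, so the delegated name carries no secret; what the delegation buys is that the smart host can answer for itself without a port 80 listener and without write access to the parent zone.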