|
From: | Tobias Geerinckx-Rice |
Subject: | Re: DNS delegation |
Date: | Fri, 15 Mar 2019 15:11:02 +0100 |
Julien, Julien Lepiller wrote:
Was it… DNS-01 challenges? That doesn't even care about IPs at all.Does it mean we need to manually update the zone?
I was about to write ‘no, ha ha, imagine that’, but then I remembered that you're using the Guix service configuration wrappers which do hard-code the zone data in the system configuration :-/
You can always delegate a subdomain just for the ACME challenges, though, and have that statefully updated by a certbot hook. I'm being vague because I don't know the exact names, but it's completely supported.
How do you automate that process?
Me personally? RFC-2136 (‘nsupdate’) dynamic updates, allowed only from localhost. But I never use Guix's service configuration wrappers.
Kind regards, T G-R
[Prev in Thread] | Current Thread | [Next in Thread] |