On Sat, Oct 08, 2022 at 03:50:35PM +0200, Fabian Arrotin wrote: > On 07/10/2022 21:25, Nick Bebout wrote: > > DNS validation needs someone (or a DNS plugin for Certbot) to add a DNS > > record each time the certificate renews (by default Certbot renews 30 > > days before expiration. This works very well if your DNS provider is > > supported by one of certbot's plugins, but not as well if you have to > > update it manually. I'm not sure if there is a way to integrate it into > > our current DNS setup. > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > > For centos.org (and sub-domains) we're also using DNS validation with ACME > and it's all automatic : bind supports dynamic zones (and we have a > delegated acme.centos.org zone for that reason) : I already mentioned it to > Kevin and Mark and pointed to the presentation : so one doesn't have to edit > DNS : just let the tool do it for you :) Yeah. We just haven't set this up yet. Might be a nice thing to do after f37 is out the door. We do have automated http challenges, so we can (and do) get non wildcard certs that way in a automated way, just not the wildcard ones (they need dns). Thanks for dealing with this Nick! kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
