▲ | bananapub 2 days ago | |
tangentially, for anyone looking to make their lives easier, you can run `acme-dns` on a spare 53/udp somewhere, CNAME the _acme_challenge. from your real DNS hosting to that, then have `lego` or whatever do DNS challenges via acme-dns - no need to let inscrutable scripts touch your real DNS config, no need for anything to touch your HTTP config. | ||
▲ | elric 2 days ago | |
I wish DNS providers offered more granular access control. Some offer an API key per zone, others have a single key which grants access to every single zone in your account. I haven't come across any that offer "acme-only" APIs. It's on my long list of potential side projects, but I don't think I'll ever get around to it. | ||
▲ | Arnavion 2 days ago | |
You can also use an NS record directly instead of CNAME'ing to a different domain. |
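
An offline audit of the setup discussed in this thread, added here as an example and not code from any commenter or from the acme-dns or lego projects: it reads records from the main zone and reports, per hostname, whether the ACME validation name is handed off to the acme-dns instance by CNAME (first comment) or by NS (last comment). The acme-dns zone name, server hostname and sample records are constructed placeholders.

```python
"""Audit which hostnames delegate ACME DNS-01 validation to an acme-dns instance."""

# Assumed placeholders: the zone served by acme-dns and that server's hostname.
ACME_DNS_ZONE = "auth.acme-dns.example."
ACME_DNS_HOST = "ns.acme-dns.example."
LABEL = "_acme-challenge"  # validation label RFC 8555 defines for DNS-01

# Constructed sample records from the main zone: name TTL class type rdata
SAMPLE_ZONE = """\
; delegated by CNAME, by NS, not delegated, and delegated to another party
_acme-challenge.www.example.com.  300 IN CNAME d420c923.auth.acme-dns.example.
_acme-challenge.api.example.com.  300 IN NS    ns.acme-dns.example.
_acme-challenge.old.example.com.  300 IN TXT   "constructed-token-value"
_acme-challenge.cdn.example.com.  300 IN CNAME validation.thirdparty.example.
"""


def parse_zone(text):
    """Return {owner_name: [(rtype, rdata), ...]} with owner names lower-cased."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and zone-file comments
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.setdefault(name.lower(), []).append((rtype.upper(), rdata.strip()))
    return records


def in_zone(name, zone):
    """True if the fully qualified name is the zone apex or below it."""
    name, zone = name.lower(), zone.lower()
    return name == zone or name.endswith("." + zone)


def delegation_status(host, records):
    """Classify how the validation name for one host is answered."""
    rrset = records.get(f"{LABEL}.{host.lower().rstrip('.')}.", [])
    if not rrset:
        return "missing"
    for rtype, rdata in rrset:
        if rtype == "CNAME":
            return "cname-to-acme-dns" if in_zone(rdata, ACME_DNS_ZONE) else "delegated-elsewhere"
        if rtype == "NS":
            return "ns-to-acme-dns" if rdata.lower() == ACME_DNS_HOST else "delegated-elsewhere"
    # Only TXT (or other) data here: the ACME client must write to the main zone.
    return "served-from-main-zone"


def audit(hosts, zone_text=SAMPLE_ZONE):
    records = parse_zone(zone_text)
    return {host: delegation_status(host, records) for host in hosts}
```

A `served-from-main-zone` or `missing` result marks a hostname whose certificate renewal still needs credentials for the main DNS zone.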