Support for LetsEncrypt ACME DNS DV?

Question asked by John Holmstadt on Nov 14, 2017
Latest reply on Nov 14, 2017 by John Holmstadt

Normally when using LetsEncrypt as our CA, we use HTTP DV, and that works fine with a blanket redirect on our affected properties from /.well-known/acme-challenge/* to http://dcv.akamai.com/.well-known/acme-challenge/ . However that only works when the hostname is already CNAMEd to an Akamai edge hostname. It is common for our organization to take over hosting content for a client's domain from a competing service, and in many of these cases we either do not have access to the competitor's CMS to add a redirect, or the competitor's CMS is incapable of doing so. We need to be able to do DV prior to moving the site to our service (via Akamai) so we can support HTTPS immediately when we start to take requests. Once we migrate the site to our CMS, the usual HTTP DV would apply. As an alternative, we would have the ability to have our client(s) add a DNS record after some coordination.

 

The summary of this is: Do you (or can you) plan to support ACME domain validation via DNS? Perhaps this might work with a CNAME from _acme-challenge.www.domain.com to a DNS service at Akamai that would work-alike to dcv.akamai.com, providing the required challenge in a TXT record. Even if it were a one-off manual DNS record creation, I would find that to be workable in our case.
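The delegation asked about above, modelled offline as an added example; it is not part of the original post and is not Akamai's or Let's Encrypt's code. The TXT value follows the ACME dns-01 rule in RFC 8555 section 8.4, while the delegation target `www.domain.com.dcv-dns.example.net`, the token, the account thumbprint and the in-memory zone are constructed assumptions.

```python
import base64
import hashlib


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """dns-01 TXT content: base64url(SHA-256(token "." thumbprint)), unpadded."""
    key_authorization = f"{token}.{account_thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def resolve_txt(zone: dict, name: str, max_hops: int = 8) -> list:
    """Follow CNAMEs through a constructed in-memory zone, then return TXT strings."""
    name = name.lower().rstrip(".")
    for _ in range(max_hops):
        records = zone.get(name, {})
        if "CNAME" in records:
            # The client adds this record once; the provider owns the target.
            name = records["CNAME"].lower().rstrip(".")
            continue
        return records.get("TXT", [])
    raise RuntimeError("CNAME chain too long or looping")


def challenge_satisfied(zone: dict, domain: str, token: str, thumbprint: str) -> bool:
    """True when the TXT answer reached via _acme-challenge.<domain> matches."""
    expected = dns01_txt_value(token, thumbprint)
    return expected in resolve_txt(zone, f"_acme-challenge.{domain}")


# Constructed sample values (not real ACME tokens or keys).
TOKEN = "constructed-token-0123456789"
THUMBPRINT = "constructed-account-key-thumbprint"
DELEGATE = "www.domain.com.dcv-dns.example.net"  # hypothetical provider zone

ZONE = {
    # Record the client would create in their own DNS, before any migration.
    "_acme-challenge.www.domain.com": {"CNAME": DELEGATE + "."},
    # Record the provider would publish for each new challenge.
    DELEGATE: {"TXT": [dns01_txt_value(TOKEN, THUMBPRINT)]},
}

if __name__ == "__main__":
    print(challenge_satisfied(ZONE, "www.domain.com", TOKEN, THUMBPRINT))
```

Because the CNAME is static, renewals need no further coordination with the client; the same property means whoever controls the delegated zone can obtain certificates for that name for as long as the CNAME stays in place.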
