Comment by asdfasdfadsfs
12 hours ago
I would say acme-challenge is one of the most used ones. How else would one get SSL certificates today
12 hours ago
I would say acme-challenge is one of the most used ones. How else would one get SSL certificates today
DNS TXT challenge for example. Also better because you can get wildcard certs.
The great virtue of the in-band challenge types is that web servers can just handle them out of the box, without any need for a separate setup step that depends on your stack. I think this has done a heck of a lot to increase adoption of HTTPS.
Also, DNS-PERSIST-01 seems to be coming soon for Let's Encrypt, which should allow even people that can't easily dynamically update their DNS records to get wildcard certs. I assume this might become more widely used than HTTP-01 challenges.
I wish someone would write a blog post about the difference between DNS registrars and DNS hosts, because I've seen people assume they need to use a registrar that has an API in order to change their DNS records programmatically. I used to assume that too.
3 replies →