• Rob Bos@lemmy.ca
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 day ago

      Yeah. For wildcard DNS from letsencrypt, you can’t do HTTP validation, only DNS, which involves creating a TXT record.

      Your DNS provider needs to run an ACME server, which runs an API that’ll add the required TXT records on request.

      As I understand it.

      • Elvith Ma'for@feddit.org
        link
        fedilink
        arrow-up
        1
        ·
        13 hours ago

        The DNS provider needs to provide an API, but not an ACME server.

        Your server contacts Lets Encrypt and wants a certificate - say for homeserver.example.com. It tells Let’s Encrypt to use DNS based authentication. Let’s encrypt answers with a challenge code, that you now publish as a txt record with a defined name via your providers API for this (sub)domain. Let’s encrypt then checks the TXT record and if it finds the challenge there, it sends you the certificate.