eggsampler/acme

DNS-challenge

crenanlouzada opened this issue · 3 comments

Please, would you have an example with dns-challenge besides http-challenge?

To show the idea, I tried to change the line of code (certbot.go) where it says:

chal, ok := auth.ChallengeMap[acme.ChallengeTypeHTTP01]
to
chal, ok := auth.ChallengeMap[acme.ChallengeTypeDNS01]

and put the entry in the DNS, but it doesn't work based on the content of (tokenFile) coming from ${webroot}/.well-known

Hi

Thanks for the suggestion, I'll look at adding an example using the dns challenge method. The problem here being it's usually much more complex to fulfill the challenge so maybe it will just prompt the user instead.

You need to change the token slightly. For future reference: https://tools.ietf.org/html/rfc8555#section-8.4

A client fulfills this challenge by constructing a key authorization from the "token" value provided in the challenge and the client's account key. The client then computes the SHA-256 digest [FIPS180-4] of the key authorization.

The following function can help with generating that for you:

func EncodeDNS01KeyAuthorization(keyAuth string) string {
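The whole DNS-01 computation the comment above describes (RFC 8555 §8.1 key authorization, then the §8.4 digest), as an added example in Go that is not code from the eggsampler/acme project: jwkThumbprint is a hypothetical helper that handles P-256 account keys only, and the domain, token and freshly generated key are constructed sample inputs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// jwkThumbprint returns the RFC 7638 thumbprint of a P-256 account key: SHA-256 over the
// JWK members (crv, kty, x, y) in lexicographic order, no whitespace, base64url. Hypothetical helper.
func jwkThumbprint(pub *ecdsa.PublicKey) (string, error) {
	if pub == nil || pub.Curve != elliptic.P256() {
		return "", fmt.Errorf("only P-256 account keys are handled in this example")
	}
	enc := base64.RawURLEncoding
	// Coordinates are fixed-width big-endian, 32 bytes for P-256 (RFC 7518 §6.2.1).
	x := enc.EncodeToString(pub.X.FillBytes(make([]byte, 32)))
	y := enc.EncodeToString(pub.Y.FillBytes(make([]byte, 32)))
	sum := sha256.Sum256([]byte(fmt.Sprintf(`{"crv":"P-256","kty":"EC","x":"%s","y":"%s"}`, x, y)))
	return enc.EncodeToString(sum[:]), nil
}

// dns01TXTValue applies RFC 8555 §8.4: the TXT record holds base64url(SHA-256(keyAuth)),
// not the raw key authorization that HTTP-01 serves under /.well-known/acme-challenge/.
func dns01TXTValue(keyAuth string) string {
	sum := sha256.Sum256([]byte(keyAuth))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// dns01Record returns the TXT record name and value to publish for domain.
func dns01Record(domain, token string, pub *ecdsa.PublicKey) (name, value string, err error) {
	thumbprint, err := jwkThumbprint(pub)
	if err != nil {
		return "", "", err
	}
	// RFC 8555 §8.1 key authorization: token "." base64url(JWK thumbprint).
	keyAuth := token + "." + thumbprint
	return "_acme-challenge." + domain, dns01TXTValue(keyAuth), nil
}

func main() {
	// Constructed sample inputs: a fresh account key and a made-up challenge token.
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	name, value, _ := dns01Record("example.com", "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA", &key.PublicKey)
	fmt.Printf("%s. IN TXT %q\n", name, value)
}
```

Publishing the printed TXT record (and waiting for it to propagate) is the part that differs per DNS provider, which is why the example stops at producing the value.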

I've added a section to the certbot example which outlines this. Due to the complex nature of actually fulfilling DNS challenges, I can't think of a nice way to actually demonstrate this further. Might come back in future with any further thoughts or suggestions.