vancluever/terraform-provider-acme-old

Support for manual DNS challenge handler

ebekker opened this issue · 2 comments

Is it possible to add support for a manual challenge handler for a DNS challenge?

The lego library already has support for it, and it would be an "escape hatch" to possibly support any DNS provider, not just the ones that are first-class supported by lego?

I know the design of the current dns_challenge mechanism makes this a little difficult because it's currently all self-contained and supporting a manual challenge would essentially require a 2-part approach (generate the challenge response details, then submit the challenge response), but I think it's doable.

The other benefit is that this would allow an alternative approach to supporting DNS vendors that already have an existing lego provider when there are some restrictions or limitations to their current use.

For example, the issue with Route 53 credentials access as described in #27 could be addressed by using a manual challenge handler and combining it with the stock AWS provider resources like aws_route53_zone and aws_route53_record.

Hey @ebekker, sorry, but I don't think we are going to support this in the ACME provider any time soon.

As mentioned in #27, the best way to get a DNS provider that is not supported in the ACME provider right now would be to add it into lego. Further to this, the lego project does not seem to be against adding updates to the DNS providers for not necessarily standard attributes, as shown here.

If you do ever end up making an addition and want it pulled in, please feel free to make a request for a provider refresh as well.

Thanks!