this post was submitted on 14 Sep 2024
50 points (91.7% liked)
Firefox
17937 readers
37 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I use a wildcard cert in some places, but most of them are individual certs. You can have multiple ACME DNS challenges on a single domain, for example
_acme-challenge.first.int.example.com
and_acme-challenge.second.int.example.com
forfirst.int.example.com
andsecond.int.example.com
respectively.The DNS challenge just makes you create a TXT record at that
_acme-challenge
subdomain. Let's Encrypt follows CNAMES and supports IPv6-only DNS servers, so I'm using some software called "acme-dns" to run a DNS server specifically for ACME DNS challenges. It's just listening on a IPv6 in one of my VPS /64 IPv6 range.