Support DNS validation method #41
Comments
|
Hi, I'm also interested in dns challenge. Just like @pearj I have an openshift cluster where routes are not accessible from the internet. Instead of Route 53 I'm using google cloud dns. I saw that you have to develop a plugin. Is there any further information? I would like to develop one for the google cloud platform, if there isn't already one. Thanks |
|
Hi @pearj and @andreas-kowasch unfortunately openshift-acme doesn't support dns challenges yet. But let me assure you that I see this as a perfectly valid use case and this is on our roadmap. As the DNS exposing is heavily dependent on your provider API the plan is to use plugin API to support wide range of provides. |
|
I don't suppose we can leverage the existing certbot plugins somehow? Maybe you could use https://github.com/go-python/gopy or https://github.com/sbinet/go-python then you could re-use all of the existing plugins in go? What do you think? |
|
For the long term I'd like to do the DNS plugin REST based to be language independent so you would just wrap those in simple http server. To start with I'll probably use some of the native Go ones already there. |
|
Let's Encrypt recently started offering wildcard certs, with DNS validation only.
|
|
Yes, wildcard certs are interesting mainly because of providing them for default router and thus for routes using the default domain. In some environments users are not allowed to have custom host or upload their own certs. I guess that raises priority for implementing DNS challenge. When the rewrite merges, things should get moving more fluently. |
|
Now that the rewrite has been merged and seems to have improved the overall state very well, are there any plans to continue on this side of things? DNS validation would be a great addition, as Wildcard support get's requested more and more. |
|
About plugins: there is discussion on kubernetes-sigs/external-dns#555 about what it would take for external-dns to abstract this away. |
|
That looks promising at least as a library. Thanks for pointing that out. |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
|
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
|
@openshift-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/reopen |
|
@tnozicka: Reopened this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Any updates on this feature? Thanks :) |
|
not yet, but with ACME v2 merged it's not far :) |
|
Excellent, thanks for update. |
|
Any updates on this? |
|
Any updates for Route 53 domain validation? Thanks |
Hi,
I have an openshift deployment where the routes are not internet accessible, so I need to use dns to do domain verification instead.
Does openshift-acme support the dns method? I saw some passing references, but I have no idea how to actually configure it.
I'd be using Route 53 in the first case.
Thanks
The text was updated successfully, but these errors were encountered: