Hi Julien,

Thank you for working on this!

Julien Lepiller writes:

> I'm still unsure about how to update the certificates with the dns
> challenge. I found a script that could help us with updating the zone
> served by knot when it's configured as a master.
>
> We could use that to update the required txt record, but we also need
> to make sure the change is propagated to the other server, because we
> don't know which server will be asked to answer the challenge.
>
> With a further delegation of the record for the dns challenge we can
> have two masters, but I'm still stuck at finding a way to communicate
> the challenge between the two servers.
>
> Ideas?

Can we update the DNS dynamically [1]? Can you share the script?

I still don't know as much about Knot as I should, but I'm surprised
that a change to the primary server's database would not be propagated
to the secondary server's database automatically. Can you elaborate on
what goes wrong, or maybe explain (even at a high level) how I can try
reproducing the problem with cert renewal locally?

Footnotes:
[1] https://tools.ietf.org/html/rfc2136

--
Chris