From mboxrd@z Thu Jan  1 00:00:00 1970
From: =?utf-8?Q?Cl=C3=A9ment?= Lassieur <clement@lassieur.org>
Subject: Re: certbot-service wildcard support
Date: Sat, 04 Aug 2018 11:34:54 +0200
Message-ID: <87zhy2iif5.fsf@lassieur.org>
References: <20180804075904.7iwtojwnntypoaju@abyayala>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41719)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <clement@lassieur.org>) id 1flsxi-00076d-GC
	for guix-devel@gnu.org; Sat, 04 Aug 2018 05:35:03 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <clement@lassieur.org>) id 1flsxd-0004sy-ID
	for guix-devel@gnu.org; Sat, 04 Aug 2018 05:35:00 -0400
Received: from mail.lassieur.org ([83.152.10.219]:59608)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <clement@lassieur.org>)
	id 1flsxd-0004sa-6s
	for guix-devel@gnu.org; Sat, 04 Aug 2018 05:34:57 -0400
In-reply-to: <20180804075904.7iwtojwnntypoaju@abyayala>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Nils Gillmann <ng0@n0.is>
Cc: guix-devel@gnu.org

Nils Gillmann <ng0@n0.is> writes:

> Hi,
>
> recently letsencrypt added support for wildcard certificates.
>
> Since we concluded that it would be a good idea for Taler to
> just use that instead of roughly 30 - 40 subdomain certificates:
>
> Does our certbot-service support the wildcard functionality?

It doesn't, because it doesn't support DNS challenges.

I tried to add support for DNS challenges, but I stopped because my DNS
provider (Namecheap) doesn't have an API to update DNS records.  (Well,
it does, but the API has access to everything and I can't afford the
security risk.)

The problem with DNS challenges is that there is no universal way to
update the records.  It depends very much on the provider (unless you
host your DNS zone).

I packaged PYTHON-DNS-LEXICON though, it might help if you want to work
in this.

Cl=C3=A9ment