Hi Tobias,

Tobias Geerinckx-Rice wrote:

> Ludovic Courtès wrote:
>> Ricardo Wurmus wrote:
>>> “certbot” can be used with manual DNS validation, which
>>> requires us to deploy a DNS TXT record. This can be automated with
>>> certbot hooks (scripts that have access to the token that should be
>>> published via environment variables) or through JSON mode, which
>>> returns an object with the token that can be processed through
>>> other means.
>>
>> I didn’t know about all this! Looks like our Certbot service
>> doesn’t support it though?
>
> Not out of the box, and last time I checked vanilla certbot didn't
> provide an nsupdate (RFC2136) hook alongside all the DNSaaS API
> rubbish.
>
> But it's certainly possible, and wonderfully stable once set up. t.gr
> runs entirely on GuixSD + Knot + DNS-validated LE certs.

Neat. Would you like to help come up with a Knot & Certbot config for
guix.gnu.org? :-)

The peculiarity is this:

--8<---------------cut here---------------start------------->8---
$ getent hosts guix.gnu.org
141.80.181.40   guix.gnu.org
185.233.100.56  guix.gnu.org
--8<---------------cut here---------------end--------------->8---

Ludo’.
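
The hook approach discussed in this thread, sketched as an added example that is not part of the original messages or of Guix's Certbot service: a certbot manual auth/cleanup hook that publishes the dns-01 token with nsupdate (RFC 2136). The name server, TSIG key path, TTL and hook path are constructed placeholders; `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are the environment variables certbot passes to hooks.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical invocation:
#   certbot certonly --manual --preferred-challenges dns \
#     --manual-auth-hook '/path/to/hook.sh add' \
#     --manual-cleanup-hook '/path/to/hook.sh delete' -d guix.gnu.org

# Constructed placeholders (assumptions), overridable from the environment.
DNS_SERVER="${DNS_SERVER:-ns1.example.org}"           # primary accepting RFC 2136 updates
TSIG_KEY_FILE="${TSIG_KEY_FILE:-/etc/acme/tsig.key}"  # TSIG key scoped to _acme-challenge
TTL="${TTL:-60}"

# Print the nsupdate command stream for one action ("add" or "delete").
acme_nsupdate_script() {
    action=$1
    domain=$2
    token=$3
    # Accept only host-name and base64url characters, so hook input can
    # never smuggle a newline or an extra nsupdate command into the stream.
    case $domain in *[!A-Za-z0-9.-]*|"") return 1 ;; esac
    case $token in *[!A-Za-z0-9_-]*|"") return 1 ;; esac
    record="_acme-challenge.${domain}."
    case $action in
        add)    update="update add $record $TTL IN TXT \"$token\"" ;;
        delete) update="update delete $record IN TXT \"$token\"" ;;
        *)      return 1 ;;
    esac
    printf 'server %s\n%s\nsend\n' "$DNS_SERVER" "$update"
}

# Build the full script first; nsupdate is only started if validation passed.
acme_hook() {
    script=$(acme_nsupdate_script "$1" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION") || return 1
    printf '%s\n' "$script" | nsupdate -k "$TSIG_KEY_FILE"
}

# Contact the name server only when called with an explicit action.
case ${1:-} in
    add|delete) acme_hook "$1" ;;
esac
```

Because validation happens over DNS, it does not matter which of the two addresses behind guix.gnu.org answers HTTP; the TSIG key should be limited on the server side to updating the `_acme-challenge` TXT record only.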