Ludo', Guix, Ludovic Courtès wrote: > Ricardo Wurmus skribis: >> “certbot” can be used with manual DNS validation, which >> requires us to deploy a DNS TXT record. This can be automated >> with >> certbot hooks (scripts that have access to the token that >> should be >> published via environment variables) or through JSON mode, >> which returns >> an object with the token that can be processed through other >> means. > > I didn’t know about all this! Looks like our Certbot service > doesn’t > support it though? Not out of the box, and last time I checked vanilla certbot didn't provide an nsupdate (RFC2136) hook alongside all the DNSaaS API rubbish. But it's certainly possible, and wonderfully stable once set up. t.gr runs entirely on GuixSD + Knot + DNS-validated LE certs. Kind regards, T G-R