top | item 40266400

(no title)

If I am not misunderstanding (sorry if I am) it sounds like you use the http challenge where your cert provider tries to GET your challenge file — if so, could the DNS challenge be better suited? There, you put the challenge in a TXT record value

discuss

rglullis|1 year ago

You got it, but your solution won't work because of one detail: I can not use the DNS challenge because I am running a managed service provider, and my customers are the ones who own the domain. All I can do is ask them "please add a CNAME to my gateway", and I need to figure out everything else on my side.

francislavoie|1 year ago

Sounds like you're looking for Caddy's On-Demand TLS, then. No other server or ACME client does this. https://caddyserver.com/docs/automatic-https#on-demand-tls

arccy|1 year ago

ACME supports Delegated Domains for DNS01:

    _acme-challenge.customer.com IN CNAME _acme-challenge.your-automated-domain.org.

jspdown|1 year ago

It might not be suitable for your use case but, have you tried ACME DNS challenge delegation to a different one hosted by yourself?