OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: rodig0 on April 08, 2019, 11:44:27 am

Title: Create DNS override TXT records for ACME-02 LE challenge
Post by: rodig0 on April 08, 2019, 11:44:27 am
Hi there,
Is it somehow possible to create an Unbound DNS override for a TXT record? I only see A (AAAA) or MX record overrides.
Adding custom TXT records locally would be super useful for the DNS ACME-02 challenge to generate wildcard LE certificates locally.

Thanks in advance.
Title: Re: Create DNS override TXT records for ACME-02 LE challenge
Post by: mitsos on April 08, 2019, 10:35:50 pm
I don't think you quite understand how Let's Encrypt works. You aren't verifying the TXT records; they verify them through their server *then* sign the certificate. Your client only sees an "OK" or "not OK" response that is coming from them (and the certificate, of course).

Otherwise you would generate a *.paypal.com certificate that correctly validates on your end user's browser (rendering the entire PKI useless).

A TXT record override could be useful, but for reasons other than Let's Encrypt.
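The point above is that the CA's own resolvers must see the `_acme-challenge` TXT record, so a local Unbound override never reaches the validator. As an added example (not code from this thread or from OPNsense), here is the client-side arithmetic of the DNS-01 challenge from RFC 8555 section 8.4 and the RFC 7638 JWK thumbprint, plus a check of what a public resolver returned; the account JWK, token and resolver answers are constructed sample values.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME requires everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def canonical_jwk(jwk: dict) -> str:
    """RFC 7638 thumbprint input: only the required public members,
    lexicographically ordered, no whitespace. Extra members (kid, alg) are dropped."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}
    members = required[jwk["kty"]]
    return json.dumps({k: jwk[k] for k in members}, sort_keys=True, separators=(",", ":"))


def jwk_thumbprint(jwk: dict) -> str:
    return b64url(hashlib.sha256(canonical_jwk(jwk).encode("utf-8")).digest())


def dns01_txt_value(token: str, jwk: dict) -> str:
    """Key authorization is token '.' thumbprint; the TXT record carries
    base64url(SHA-256(key authorization)), not the token itself."""
    key_authz = f"{token}.{jwk_thumbprint(jwk)}"
    return b64url(hashlib.sha256(key_authz.encode("ascii")).digest())


def dns01_record(domain: str, token: str, jwk: dict) -> tuple:
    """Name and value to publish. A wildcard '*.example.org' is validated at
    _acme-challenge.example.org, the same name as the base domain."""
    base = domain[2:] if domain.startswith("*.") else domain
    return f"_acme-challenge.{base}", dns01_txt_value(token, jwk)


def public_view_matches(txt_answers: list, expected: str) -> bool:
    """What matters is the answer a public (authoritative) lookup returns,
    which is what Let's Encrypt's validator sees; pass those strings here."""
    return expected in txt_answers


# Constructed sample account key (EC P-256 shape; coordinates are placeholders).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "kid": "ignored-by-thumbprint",
              "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
              "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}

if __name__ == "__main__":
    name, value = dns01_record("*.example.org", "constructed-token", SAMPLE_JWK)
    print(name, "TXT", value)
    # Constructed resolver answers: a stale record plus the freshly published one.
    print(public_view_matches(["old-value", value], value))
```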