
You got it, but your solution won't work because of one detail: I cannot use the DNS challenge because I am running a managed service provider, and my customers are the ones who own the domain. All I can do is ask them "please add a CNAME to my gateway", and I need to figure out everything else on my side.



Sounds like you're looking for Caddy's On-Demand TLS, then. No other server or ACME client does this. https://caddyserver.com/docs/automatic-https#on-demand-tls


ACME supports Delegated Domains for DNS01:

    _acme-challenge.customer.com IN CNAME _acme-challenge.your-automated-domain.org.
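A provider-side check for the delegation described in the comment above, added here as an example (it is not code from this thread or from any ACME client). It follows the CNAME chain from `_acme-challenge.<customer>` the way a DNS-01 validator does and reports whether the chain ends inside the provider's zone, where the TXT token would be published. The record data, the domain names and the provider zone `your-automated-domain.org` (taken from the comment) are constructed placeholders.

```python
"""Verify that a customer's _acme-challenge name delegates into the provider's zone.

ACME DNS-01 validators follow CNAMEs, so the provider only has to publish the
TXT token at the name the chain ends on. Before switching a customer to the
DNS resolver, confirm that the chain really lands in our own zone.
"""

# Constructed sample data standing in for live DNS answers (not any real
# domain's records). Each owner name maps to one (rrtype, rdata) pair.
SAMPLE_RECORDS = {
    # the delegation from the comment: customer name -> provider zone
    "_acme-challenge.customer.com.": ("CNAME", "_acme-challenge.your-automated-domain.org."),
    "_acme-challenge.your-automated-domain.org.": ("TXT", "constructed-token"),
    # a customer whose CNAME points at a second CNAME that loops back
    "_acme-challenge.loop.example.": ("CNAME", "_acme-challenge.loop2.example."),
    "_acme-challenge.loop2.example.": ("CNAME", "_acme-challenge.loop.example."),
    # a customer who created a TXT record themselves instead of the CNAME
    "_acme-challenge.selfhosted.example.": ("TXT", "their-own-token"),
}


def fqdn(name: str) -> str:
    """Normalise a DNS name to lowercase with a single trailing dot."""
    return name.lower().rstrip(".") + "."


def delegation_record(customer_domain: str, provider_zone: str) -> str:
    """The one record the customer has to add, in zone-file form."""
    return (f"_acme-challenge.{customer_domain.rstrip('.')} IN CNAME "
            f"_acme-challenge.{fqdn(provider_zone)}")


def check_delegation(customer_domain: str, provider_zone: str, records: dict,
                     max_hops: int = 8):
    """Follow the CNAME chain from _acme-challenge.<customer_domain>.

    Returns (ok, final_name, reason). ok is True only when the chain ends at a
    name inside provider_zone, i.e. a name whose TXT record we control.
    `records` is a lookup table here; in production it would be a real
    resolver query (e.g. via dnspython), which is an assumption of this example.
    """
    zone_suffix = "." + fqdn(provider_zone)
    name = "_acme-challenge." + fqdn(customer_domain)
    seen = []
    while len(seen) <= max_hops:
        if name in seen:
            return False, name, "CNAME loop: " + " -> ".join(seen + [name])
        seen.append(name)
        rr = records.get(name)
        if rr is None:
            return False, name, f"no record at {name}; customer has not added the CNAME"
        rtype, rdata = rr
        if rtype != "CNAME":
            return False, name, f"{name} is a {rtype} record, not a CNAME into {provider_zone}"
        target = fqdn(rdata)
        if target.endswith(zone_suffix):
            return True, target, f"delegated; publish the TXT token at {target}"
        name = target  # another hop outside our zone: keep following it
    return False, name, f"more than {max_hops} CNAME hops"


if __name__ == "__main__":
    print(delegation_record("customer.com", "your-automated-domain.org"))
    for cust in ("customer.com", "loop.example", "selfhosted.example", "new.example"):
        ok, _, why = check_delegation(cust, "your-automated-domain.org", SAMPLE_RECORDS)
        print(f"{cust:22} {'OK ' if ok else 'BAD'} {why}")
```

Running this before enabling the DNS resolver for a customer turns "issuance failed" into an actionable message: the customer never added the record, added a TXT instead of a CNAME, or created a loop. Only the first case in the sample data would let the DNS-01 challenge succeed with the token published in the provider's zone.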


That sounds interesting. Do you literally mean that I should use _acme_challenge or were you giving an example?

In concrete terms: to set up an instance for a customer, I've been asking them to set their domain with a CNAME to "gateway.communick.host", where I have traefik already configured with one TLS HTTP resolver and one DNS resolver, and I've been using the HTTP one. Are you saying that I can just configure it to use the DNS resolver and it will work, or do I need to tell my customers to add another record for the delegation to work?


It might not be suitable for your use case, but have you tried ACME DNS challenge delegation to a different one hosted by yourself?



