[Letsencrypt-devel] Bug#873112: dehydrated-hook-ddns-tsig: please support placing challenge in different hostname than _acme-challenge.domain.ext

[Markus Treinen]

Package: dehydrated-hook-ddns-tsig
Version: 0.1.1-1
Severity: wishlist

Hello,

some people use static zone files in most of their zones and dynamic dns only in one or a few other zones.
To use dns-01 challenge, the zone has to be dynamic, which is often not possible in this constellation.
The solution is setting a CNAME from _acme-challenge.domain.ext to i.e. domain.ext.dynamiczone.otherdomain.ext. This lets ACME check the challenge in a static zone while allowing dehydrated to update the dynamic entry.

Would it be possible to include an option to transform the original location of the challenge to the other location in the dynamic zone? Perhaps by using a regular expression substitution rule:
  s/^_acme-challenge\.(.+)$/$1.dynamiczone.otherdomain.ext/

Cheers,
Markus

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.12.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dehydrated-hook-ddns-tsig depends on:
ii  dehydrated        0.4.0-2
ii  python            2.7.13-2
ii  python-dnspython  1.15.0-1

dehydrated-hook-ddns-tsig recommends no packages.

dehydrated-hook-ddns-tsig suggests no packages.

-- no debconf information