This is correct. However, Certbot overrides any identifier type and always sends dns when making a new order. In particular, it uses IdentifierType.IDENTIFIER_FQDN (see certbot code). Aware of this issue, I had two options:
Modify Certbot. I am reluctant to fork dependencies to fit the needs. Certbot is actively maintained and having a fork only for a single line is a major effort.
Obviate this issue and adapt the backend. Since the email-reply-00 challenge only specifies one identifier type, I adapted the backend to support dns and email identifier types when email-reply-00 is used. This is not 100% RFC compliant but it achieves the objective.
I do not know the future plans of Certbot or even whether the email-reply-00 challenge will be supported. I hope it will, but in the meantime, I provide this temporary solution.
When ordering an identifier, type dns is used. An RFC8823 conformant order should have type set to email. Please see https://datatracker.ietf.org/doc/html/rfc8823#section-3 for more information.
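Added example, not part of the original thread or of the project's code: one way a backend could tolerate Certbot's dns-typed identifier on email-reply-00 orders, as the reply describes, while still producing the RFC 8823 email identifier the issue asks for and refusing real host names. The function names, the `lenient_dns` switch and the simplified address pattern are assumptions, and the payloads are constructed.

```python
import re

# Simplified address pattern for this example (assumption); a real backend
# would apply its own address policy.
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


class IdentifierError(ValueError):
    """Raised when an order identifier must be rejected."""


def normalize_identifier(ident, lenient_dns=True):
    """Return an RFC 8823 style identifier ({"type": "email", ...}) or raise.

    lenient_dns=True models the workaround from the thread: a client that
    always sends type "dns" is accepted, but only when the value is an
    e-mail address. lenient_dns=False is the strict RFC 8823 behaviour.
    """
    if not isinstance(ident, dict):
        raise IdentifierError("identifier must be an object")
    id_type, value = ident.get("type"), ident.get("value")
    allowed = {"email", "dns"} if lenient_dns else {"email"}
    if id_type not in allowed:
        raise IdentifierError(f"unsupported identifier type: {id_type!r}")
    if not isinstance(value, str) or not _EMAIL_RE.fullmatch(value):
        # A genuine host name sent as "dns" ends up here, so relaxing the
        # type check never turns a DNS name into an e-mail authorization.
        raise IdentifierError(f"value is not an e-mail address: {value!r}")
    return {"type": "email", "value": value}


def normalize_order(payload, lenient_dns=True):
    """Normalize every identifier of an ACME newOrder payload."""
    idents = payload.get("identifiers")
    if not isinstance(idents, list) or not idents:
        raise IdentifierError("order has no identifiers")
    return [normalize_identifier(i, lenient_dns) for i in idents]


# Constructed newOrder payloads (not captured traffic).
CERTBOT_STYLE = {"identifiers": [{"type": "dns", "value": "alice@example.com"}]}
RFC8823_STYLE = {"identifiers": [{"type": "email", "value": "alice@example.com"}]}
HOSTNAME_ORDER = {"identifiers": [{"type": "dns", "value": "www.example.com"}]}

if __name__ == "__main__":
    print(normalize_order(CERTBOT_STYLE))
    print(normalize_order(RFC8823_STYLE))
```

Storing the normalized identifier means the rest of the backend only ever sees type email, so the leniency stays confined to order intake.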