> The key advantage of [DNS-PERSIST-01] is that the DNS TXT entry used to demonstrate control doe...

secret-noun • today at 6:33 AM • 2 replies • view on HN

> The key advantage of [DNS-PERSIST-01] is that the DNS TXT entry used to demonstrate control does not have to change every renewal.

> We expect DNS-PERSIST-01 to be available in 2026

Very exciting!

https://datatracker.ietf.org/doc/html/draft-sheurich-acme-dn...

Replies

redrove • today at 7:07 AM

Big news for both the lazy homelab admin that can set a TXT once and ultimately be more secure without spraying DNS Zone Edit tokens all over their infra AND for the poor enterprise folks that have to open a ticket and wait 3 weeks for a DNS record.

➕ show 4 replies

flowerthoughts • today at 7:18 AM

This replaces an anonymous token with a LetsEncrypt account identifier in DNS. As long as accounts are not 1:1 to humans, that seems fine. But I hope they keep the other challenges.

I really would have felt better with a random token that was tied to the account, rather than the account number itself. The CA side can of course decide to implement it either way , but all examples are about the account ID.

➕ show 3 replies

alt Hacker News

Replies