
jsheard, last Monday at 3:59 PM

Yep, but next year they intend to launch an alternative DNS challenge which doesn't require changing DNS records with every renewal. Instead you'll create a persistent TXT record containing a public key, and then any ACME client which has the private key can keep requesting new certs forever.

https://letsencrypt.org/2025/12/02/from-90-to-45#making-auto...


Replies

Ajedi32, last Monday at 4:21 PM

Oh, sweet! I didn't know about this. I have no need of wildcard certs, but this will greatly simplify the process of issuing certificates for internal services behind my local firewall. No need to maintain an acme-dns server; just configure the ACME client, set the DNS record and you're done? Very nice.

8cvor6j844qw_d6, last Monday at 4:59 PM

Great to hear, one less API key needed for the DNS records.