Hacker News

rdevilla, today at 3:50 PM

I still find this hard to believe without some actual example RRs and certbot configs, but this is HN, not serverfault.


Replies

jcalvinowens, today at 4:29 PM

I remember being annoyed because the docs don't actually say you can't do it: https://certbot-dns-rfc2136.readthedocs.io/en/stable/

...but they also don't say how to specify the zone to be updated like acme.sh does: https://github.com/acmesh-official/acme.sh/blob/master/dnsap...

So say you want a cert for *.foo.com, and you have:

    _acme-challenge.foo.com CNAME _acme-challenge.foo.bar.com

...I can make certbot talk to the foo.bar.com DNS server, but it tries to add the TXT record for _acme-challenge.foo.com, which that DNS server obviously rejects (and even if it accepted it, that obviously wouldn't work).

I'd be happy to hear there's a way to do it that I missed. Also I'm specifically talking about the rfc2136 support, maybe some of the proprietary certbot backends do support this.

EDIT: Here are more references:

https://github.com/certbot/certbot/issues/6566

https://github.com/certbot/certbot/pull/5350

https://github.com/certbot/certbot/pull/6644
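The setup in the comment above, as an added worked example that is not code from certbot, acme.sh or the commenter: what a DNS-01 hook has to do when _acme-challenge.<domain> is a CNAME into a different zone. It follows the CNAME chain first (the CA's validator follows CNAMEs too, so the TXT has to land at the end of the chain), renders the RFC 2136 update for the target owner name, and refuses to build an update whose owner is outside the zone the target server is authoritative for, which is the rejection the comment describes. Assumptions, all made up for the example: the CNAME is looked up in a constructed in-memory table instead of live DNS (a real hook would use dnspython or `dig +short CNAME`), the update is rendered as an nsupdate batch (BIND's RFC 2136 client) that you would pipe into `nsupdate -k <tsig.key>`, and `ns1.bar.com` and the validation token are placeholders.

```python
"""DNS-01 hook logic for a CNAME-delegated _acme-challenge name.

Added example, not certbot's or acme.sh's code. Record table, server name
and token below are constructed for illustration.
"""

# Constructed stand-in for live DNS: name -> (type, rdata).
RECORDS = {
    "_acme-challenge.foo.com.": ("CNAME", "_acme-challenge.foo.bar.com."),
}


def fqdn(name):
    """Normalise a name to a fully qualified, dot-terminated form."""
    return name if name.endswith(".") else name + "."


def validation_name(domain):
    """Name the CA queries for DNS-01. A wildcard is validated at its base name
    (RFC 8555), so *.foo.com is checked at _acme-challenge.foo.com."""
    if domain.startswith("*."):
        domain = domain[2:]
    return fqdn("_acme-challenge." + domain)


def follow_cnames(name, records=RECORDS, max_hops=8):
    """Return the owner name at the end of the CNAME chain (loop-safe).

    The TXT record must be created here, not at the original name."""
    name = fqdn(name)
    seen = set()
    for _ in range(max_hops):
        rr = records.get(name)
        if rr is None or rr[0] != "CNAME":
            return name
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        name = fqdn(rr[1])
    raise ValueError("CNAME chain longer than %d hops" % max_hops)


def in_zone(owner, zone):
    """True if owner is at or below zone. An RFC 2136 server applies the same
    test before accepting an update and answers NOTZONE otherwise."""
    owner, zone = fqdn(owner).lower(), fqdn(zone).lower()
    return owner == zone or owner.endswith("." + zone)


def nsupdate_script(server, zone, owner, txt, ttl=60, action="add"):
    """Render an nsupdate batch adding or deleting one TXT record."""
    if not in_zone(owner, zone):
        # This is the mistake in the comment: sending _acme-challenge.foo.com
        # to the server for foo.bar.com. Fail locally instead of at the server.
        raise ValueError("%s is not in zone %s; the server would reject it" % (owner, zone))
    lines = ["server %s" % server, "zone %s" % fqdn(zone)]
    if action == "add":
        lines.append('update add %s %d IN TXT "%s"' % (fqdn(owner), ttl, txt))
    else:
        lines.append('update delete %s IN TXT "%s"' % (fqdn(owner), txt))
    lines.append("send")
    return "\n".join(lines) + "\n"


def challenge_update(domain, zone, server, validation, action="add", records=RECORDS):
    """Build the update for one challenge: validation name -> follow CNAME ->
    update against the delegated zone. Returns (owner, nsupdate text)."""
    owner = follow_cnames(validation_name(domain), records)
    return owner, nsupdate_script(server, zone, owner, validation, action=action)


if __name__ == "__main__":
    # Wildcard cert for *.foo.com, challenge delegated into foo.bar.com.
    owner, script = challenge_update("*.foo.com", "foo.bar.com", "ns1.bar.com", "TOKEN-VALUE")
    print("TXT goes at", owner)
    print(script, end="")
```

The `zone` argument is exactly what the comment says acme.sh lets you set and certbot's rfc2136 plugin does not: without it, the hook has no way to know which zone on the delegated server the update belongs to, and the owner-in-zone check is what turns the server's NOTZONE refusal into a local, explainable error.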