Zulakis

Asked: 2016-04-27 02:51:15 +0800 CST2016-04-27 02:51:15 +0800 CST 2016-04-27 02:51:15 +0800 CST

Reuse letsencrypt dns challenge

With letsencrypt, certificates have to be renewed every 90 days. Everytime a cert is renewed, ownership of the domains included in the cert has to be proven again.

It is possible to do so by adding a _acme-challenge DNS record. Is it possible to set this DNS record the first time it's used for validation, and reuse it for subsequent validations, so that it is not necessary to set a new DNS record every time certificates need to be renewed?

1 Answers

Voted

Michael Hampton
2016-04-27T12:31:53+08:002016-04-27T12:31:53+08:00
It would not be cryptographically secure to reuse the same challenge.

If it were to be reused, anyone could receive a certificate for your domain name, because the "proper" data was already there!

This is why a new challenge is issued each time.
3

Reuse letsencrypt dns challenge

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?