[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: guix.gnu.org sub-domain
From: |
Chris Marusich |
Subject: |
Re: guix.gnu.org sub-domain |
Date: |
Mon, 08 Apr 2019 18:48:02 -0700 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
Hi Julien,
Thank you for working on this!
Julien Lepiller <address@hidden> writes:
> I'm still unsure about how to update the certificates with the dns
> challenge. I found a script that could help us with updating the zone
> served by knot when it's configured as a master.
>
> We could use that to update the required txt record, but we also need
> to make sure the change is propagated to the other server, because we
> don't know which server will be asked to answer the challenge.
>
> With a further delegation of the record for the dns challenge we can
> have two masters, but I'm still stuck at finding a way to communicate
> the challenge between the two servers.
>
> Ideas?
Can we update the DNS dynamically [1]? Can you share the script?
I still don't know as much about Knot as I should, but I'm surprised
that a change to the primary server's database would not be propagated
to the secondary server's database automatically. Can you elaborate on
what goes wrong, or maybe explain (even at a high level) how I can try
reproducing the problem with cert renewal locally?
Footnotes:
[1] https://tools.ietf.org/html/rfc2136
--
Chris
signature.asc
Description: PGP signature