I finally wanted to redo yet another @letsencrypt installation to use dns-01 and #rfc2136. Having remembered that CNAMEs and dynamic DNS were already horrible the last time round, I lost another hour of my life figuring out that whereas acme.sh needs a special option for CNAMEs, certbot doesn't support CNAMEs at all without an ungodly amount of local hooks (https://github.com/certbot/certbot/pull/7244#issuecomment-2056403185) 😒

#letsencrypt

dns-rfc2136: find the correct zone/name when CNAME/DNAMEs are used by hpax · Pull Request #7244 · certbot/certbot

Dynamic zones have significant problems with DNSSEC and with redundant servers (which, of course is highly desirable for DNS.) The obvious solution to that is to use a CNAME or DNAME record to poin...

GitHub
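What the PR above has to do, and what the hand-rolled certbot hooks end up reimplementing, is follow the `_acme-challenge` CNAME to the record that actually receives the TXT and then pick the zone the RFC 2136 update must be sent to. The sketch below is an added illustration, not code from certbot, acme.sh or the PR; the names and zones are constructed, and the lookup is done over an in-memory table instead of live DNS so it runs offline.

```python
"""Resolve the ACME dns-01 update target through a CNAME chain (illustration).

Constructed sample data, not real DNS: a two-hop CNAME chain from the
challenge name into a dynamic zone, and the set of zones our RFC 2136 key
is allowed to update.
"""

SAMPLE_CNAMES = {
    "_acme-challenge.www.example.com.": "acme-www.dyn.example.net.",
    "acme-www.dyn.example.net.": "acme-www.update.example.net.",
}
SAMPLE_ZONES = {"example.com.", "update.example.net."}  # hypothetical zones


def canonical(name: str) -> str:
    """Lowercase and fully qualify a DNS name so table lookups are exact."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def resolve_cname_chain(name: str, cnames: dict, max_hops: int = 8) -> str:
    """Follow CNAMEs until a non-alias name is reached.

    Refuses loops and overly long chains instead of spinning forever, which
    is the failure mode a naive 'follow the pointer' loop walks into.
    """
    seen = set()
    name = canonical(name)
    while name in cnames:
        if name in seen or len(seen) >= max_hops:
            raise ValueError(f"CNAME loop or chain too long at {name}")
        seen.add(name)
        name = canonical(cnames[name])
    return name


def find_zone(name: str, zones: set) -> str:
    """Walk up the labels of NAME and return the closest enclosing zone we own."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate
    raise LookupError(f"no updatable zone encloses {name}")


def update_target(domain: str, cnames: dict = SAMPLE_CNAMES,
                  zones: set = SAMPLE_ZONES) -> tuple:
    """Return (record name, zone) where the dns-01 TXT must be written.

    Without the CNAME step the updater would try to write a TXT record at
    _acme-challenge.<domain> inside example.com., colliding with the CNAME
    that already exists there; following the alias sends the update to the
    dynamic zone instead.
    """
    target = resolve_cname_chain("_acme-challenge." + domain, cnames)
    return target, find_zone(target, zones)
```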