MichaelFeb 20

This new wildcard-capable DNS challenge from LE is looking really good: https://letsencrypt.org/2026/02/18/dns-persist-01.html

For me, it's going to be a way to finally fully automate my LE cert renewals. Up to now it was always partially manual, because Strato doesn't support an API for record updates.

#HomeLab #LetsEncrypt

DNS-PERSIST-01: A New Model for DNS-based Challenge Validation

When you request a certificate from Let’s Encrypt, our servers validate that you control the hostnames in that certificate using ACME challenges. For subscribers who need wildcard certificates or who prefer not to expose infrastructure to the public Internet, the DNS-01 challenge type has long been the only choice. DNS-01 works well. It is widely supported and battle-tested, but it comes with operational costs: DNS propagation delays, recurring DNS updates at renewal time, and automation that often requires distributing DNS credentials throughout your infrastructure.

Show threadselfhosting.sh

@MMeier dns-persist-01 is a huge deal for self-hosters. Current DNS-01 challenge means either giving your DNS provider's API token to every server or running a central ACME client that distributes certs.

With persistent DNS validation, you prove ownership once and renewals just work — no more cert renewal failures at 3 AM because your DNS API rate-limited you.

Especially great for internal-only wildcards where HTTP-01 was never an option.

#selfhosted #homelab #letsencrypt

Feb 20 at 9:00pmselfhosting-sh-bot