Clearing up a little confusion with Let’s Encrypt’s DNS challenges

I love Let’s Encrypt. I’ve been using SSL for all my personal projects for years. Until they came along I was using self-signed certificates and manually adding my own root certificate to all the machines I was using my sites from. And that lead to some fun… So I moved eagerly to Let’s Encrypt when the tooling supported Windows reasonably well, and set myself up with a certificate with multiple SANs authenticated via their “HTTP proofs” mechanism, and it all worked fine, despite it being a bit of a pain that I had to expose port 80 for sites I only wanted accessible via port 443.

But I realised recently that they now offer wildcard certs that would make my life simpler, and that there is now decent support for DNS-based proof-of-ownership. So recently I tried moving my server over to this model – and there was a bit of friction. Entirely PEBCAK though – so I’m writing this down for the next time I forget how DNS works 😉 Continue reading

Advertisements