Hello! Just heard about this service. I’m searching for a DNS service which has an API that can be used to automate Let’s Encrypt certificate enrollment.
I think deSEC could be the way to go. However, I cannot use DNSSEC with my domain for some reason. Is it possible to use the service without activating DNSSEC?
The parent domain is not under my complete control. I may ask for change of ns-records of the subdomain (which would then point to nameserver = ns1.desec.io. and nameserver = ns2.desec.org.), but enabling DNSSEC on the parent domain (which is afaik a prerequisite) is not possible for me.
Well actually there are more choices, but I would not recommend these:
Use a different DNS hosting service that has a suitable API that does not care about security.
Set up your own nameservers. Then you can set your own rules about requiring DNSSEC. (The deSEC software is Open Source so you could implement their API.)
And of course convincing the parent domain owner to use DNSSEC has advantages even without your specific use case. In an ideal world all domains would be secured with DNSSEC.
As to your particular use case, you might be able to use the HTTP-01 challenge instead of the DNS-01 challenge with Let’s Encrypt. You can’t set wildcard certificates but for all else it should work fine. And it does not require any DNS API access.
I just like my current subdomain so much. Anyway, I think I will still take option 2 (get your own domain). Most sustainable option. I’m currently browsing on https://micro.domains/ to find a suitable name.