From 93546769e6d3baa84878fea6c0964f8dc3728e7c Mon Sep 17 00:00:00 2001 From: Pim Date: Sat, 29 Jun 2024 18:07:25 +0200 Subject: [PATCH] Indirectly explain what is needed to delegate a subdomain to another zone In the DNS Challenge chapter it is said that _This can be used to delegate the _acme-challenge subdomain to another zone_, but it is not explained _how_ you can configure that. So I propose to add a link to the `dns_challenge_override_domain` setting which users need to configure if they wish to resolve the acme_challenge for domain1 through the zone of domain2 --- src/docs/markdown/automatic-https.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/docs/markdown/automatic-https.md b/src/docs/markdown/automatic-https.md index 6f180e6..1fc075d 100644 --- a/src/docs/markdown/automatic-https.md +++ b/src/docs/markdown/automatic-https.md @@ -196,7 +196,7 @@ The DNS challenge performs an authoritative DNS lookup for the candidate hostnam This challenge does not require any open ports, and the server requesting a certificate does not need to be externally accessible. However, the DNS challenge requires configuration. Caddy needs to know the credentials to access your domain's DNS provider so it can set (and clear) the special `TXT` records. If the DNS challenge is enabled, other challenges are disabled by default. -Since ACME CAs follow DNS standards when looking up `TXT` records for challenge verification, you can use CNAME records to delegate answering the challenge to other DNS zones. This can be used to delegate the `_acme-challenge` subdomain to another zone. This is particularly useful if your DNS provider doesn't provide an API, or isn't supported by one of the DNS plugins for Caddy. +Since ACME CAs follow DNS standards when looking up `TXT` records for challenge verification, you can use CNAME records to delegate answering the challenge to other DNS zones. This can be used to delegate the `_acme-challenge` subdomain to [another zone](/docs/caddyfile/directives/tls#dns_challenge_override_domain). This is particularly useful if your DNS provider doesn't provide an API, or isn't supported by one of the DNS plugins for Caddy. DNS provider support is a community effort. [Learn how to enable the DNS challenge for your provider at our wiki.](https://caddy.community/t/how-to-use-dns-provider-modules-in-caddy-2/8148)