Support CNAME for dns-01 challenge?

CRi

Hi,

I'm trying to generate a wildcard certificate for my internal servers (*.office.example.com).
They are not exposed to the public internet so I'm currently using acme.sh with dns-01 challenge.
Unfortunately my DNS provider has no API to let me update the _acme-challenge TXT record, so I'm using an alias to duckdns.org.

I set up the following record on my domain:
_acme-challenge.office.example.com CNAME myexample.duckdns.org

And I currently use this command to manually renew my certificate:
./acme.sh --issue -d "*.office.example.com" --challenge-alias "myexample.duckdns.org" --server letsencrypt --dns dns_duckdns

Now, how do I set up the "DNS-01 acme.sh" challenge provide in Certwarden to replicate that configuration?
I tried dns_acmedns but it doesn't work as duckdns doesn't support acme protocol.
I tried dns_duckdns but it doesn't follow cnames and refuses domains that differ from *.duckdns.org.

I already spent hours on this so any help would be much appreciated!
Best Regards

gregtwallace

I think this is what you’re looking for. Let me know either way and if I can make the docs better.

https://www.certwarden.com/docs/user_interface/providers/#domain-aliases

CRi

Hi Greg,

That is exactly what I needed, it worked a threat 👍
The doc is very clear, silly me for not finding it by myself.

Thanks a lot!

gregtwallace

No worries, glad you got it working. Just always looking to improve docs / app / etc.