The solution however is pretty trivial. For our setup I just made a very small server with a couple of REST endpoints.
Each customer gets their own login to our REST server. All they do is ask "get a new cert".
The DNS-01 challenge is handled by the REST server, and the cert then supplied to the client install.
So the actual customer install never sees our DNS API keys.
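
The gate such a broker needs in front of issuance, as an added example that is not part of the original post or the poster's server: each login is authenticated and may only request names assigned to it, and the DNS-01 TXT value is computed on the broker side. The customer names, tokens, hostnames and the `fake_issue` stand-in for the real ACME client are constructed assumptions.

```python
import base64, hashlib, hmac

# Constructed sample data: login -> (SHA-256 of its API token, names it may request).
# A plain hash is acceptable only because API tokens are long random strings.
CUSTOMERS = {
    "customer-a": (hashlib.sha256(b"token-a").hexdigest(), {"a.customers.example.net"}),
    "customer-b": (hashlib.sha256(b"token-b").hexdigest(), {"b.customers.example.net"}),
}

def normalize(hostname):
    return hostname.strip().rstrip(".").lower()

def authenticate(customer, token):
    """Constant-time comparison; unknown logins are compared against a dummy hash."""
    stored = CUSTOMERS.get(customer, ("0" * 64, set()))[0]
    presented = hashlib.sha256(token.encode()).hexdigest()
    return hmac.compare_digest(stored, presented) and customer in CUSTOMERS

def authorized(customer, hostname):
    """Exact-match allowlist: a login cannot obtain a cert for another customer's name."""
    return normalize(hostname) in CUSTOMERS[customer][1]

def dns01_record(hostname, key_authorization):
    """DNS-01 TXT record (RFC 8555, 8.4): unpadded base64url of SHA-256(keyAuthorization)."""
    digest = hashlib.sha256(key_authorization.encode()).digest()
    value = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return "_acme-challenge." + normalize(hostname), value

def handle_cert_request(customer, token, hostname, issue):
    """Return (HTTP status, body). `issue` runs the ACME order inside the broker,
    using the DNS API key that only the broker holds; the client gets the cert only."""
    if not authenticate(customer, token):
        return 401, "bad credentials"
    if not authorized(customer, hostname):
        return 403, "name not assigned to this login"
    return 200, issue(normalize(hostname))

def fake_issue(hostname):
    # Hypothetical stand-in for the real ACME client; the key authorization is constructed.
    record, _ = dns01_record(hostname, "constructed-token.constructed-thumbprint")
    return f"CERT for {hostname} (validated via TXT {record})"

if __name__ == "__main__":
    print(handle_cert_request("customer-a", "token-a", "a.customers.example.net", fake_issue))
    print(handle_cert_request("customer-a", "token-a", "b.customers.example.net", fake_issue))
```
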