Automated Certificate Management Environment (ACME) DNS Labeled With ACME Account ID Challenge
draft-ietf-acme-dns-account-label-00
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Active".
Expired & archived
|
|
|---|---|---|---|
| Authors | Antonis Chariton , Amir Omidi , James Kasten , Fotis Loukos , Stanislaw A. Janikowski | ||
| Last updated | 2025-05-17 (Latest revision 2024-11-13) | ||
| Replaces | draft-ietf-acme-scoped-dns-challenges | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | Expired | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document outlines a new DNS-based challenge type for the ACME protocol that enables multiple independent systems to authorize a single domain name concurrently. By adding a unique label to the DNS validation record name, the dns-account-01 challenge avoids CNAME delegation conflicts inherent to the dns-01 challenge type. This is particularly valuable for multi-region or multi-cloud deployments that wish to rely upon DNS-based domain control validation and need to independently obtain certificates for the same domain.
Authors
Antonis Chariton
Amir Omidi
James Kasten
Fotis Loukos
Stanislaw A. Janikowski
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)