commit 7db6ed5e38843a190b1f46f4f811d4883d980dc1
parent 780fd2d56fffe17327d879a192f2c8904ca304e6
Author: spacehobo <spacehobo@web>
Date: Tue, 12 May 2026 16:22:21 +0200
Trying permanent DNS acme stuff
Diffstat:
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/eik.mdwn b/eik.mdwn
@@ -95,11 +95,18 @@ Removing a cert is a slightly trickier. We think [this](https://community.letsen
### Wildcard certs
-Of course, all of this was unwieldy and brittle, and it seems none of it works now that we have rauthy set up in our nginx configs for some hosts. So maybe it's time for a wildcard cert:
+Of course, all of this was unwieldy and brittle, and it seems none of it works now that we have rauthy set up in our nginx configs for some hosts. So maybe it's time for a wildcard cert, using [DNS Persist Mode](https://github.com/acmesh-official/acme.sh/wiki/DNS-persist-mode):
- acme.sh --issue -d permacomputing.net -d *.permacomputing.net --dns -k ec-384
+ acme.sh --make-dns-persist-value -d permacomputing.net --dns-persist-wildcard
-This will print out a `TXT` record to add to DNS, and then we "renew" it:
+
+This printed out a `TXT` record to add to DNS, which you can see by running:
+
+ dig TXT _validation-persist.permacomputing.net
+
+Then we issued the first cert:
+
+ acme.sh --issue -d permacomputing.net -d '*.permacomputing.net' --dns-persist -k ec-384 --force
acme.sh --renew --ecc -d permacomputing.net --force
