惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
L
LangChain Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 司徒正美
WordPress大学
WordPress大学
T
The Blog of Author Tim Ferriss
Blog — PlanetScale
Blog — PlanetScale
J
Java Code Geeks
Y
Y Combinator Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
GbyAI
GbyAI
Vercel News
Vercel News
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
Jina AI
Jina AI
B
Blog
Recorded Future
Recorded Future
MyScale Blog
MyScale Blog
I
InfoQ
aimingoo的专栏
aimingoo的专栏
博客园_首页
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
雷峰网
雷峰网
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
腾讯CDC
爱范儿
爱范儿
Last Week in AI
Last Week in AI
博客园 - 三生石上(FineUI控件)
博客园 - Franky
Schneier on Security
Schneier on Security
V
V2EX
TaoSecurity Blog
TaoSecurity Blog
H
Hacker News: Front Page
Cloudbric
Cloudbric
D
DataBreaches.Net
B
Blog RSS Feed
P
Palo Alto Networks Blog
云风的 BLOG
云风的 BLOG
NISL@THU
NISL@THU
I
Intezer
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Cyberwarzone
Cyberwarzone
F
Fortinet All Blogs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
C
Cybersecurity and Infrastructure Security Agency CISA
C
Cisco Blogs
K
Kaspersky official blog
Forbes - Security
Forbes - Security

Let's Encrypt Community Support - Latest topics

New Certificate Fails with Unauthorized 403 Seeking Clarity and Consistency on Configuring HTTP-01 challenge for multiple domains Certifiate failing renewal Letsencrypt blocked in Iran Problem with http verification Cyber-attacks from the secondary verification source addresses Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: How will clients handle X2 by X1 cross certificate revocation HTTPS Certificate Renewal and Mixed Content Issues Affecting My Real-Time Morse Code Website Using Let’s Encrypt .conf Files and Nginx along with Certbot Forbidden by policy error generating the let’s encrypt certificate SSL Certificate installed for 1 of 2 domains Certificate apparently not working Certbot 5.6.0 Release Would signing the key authorization with the ACME private key increase security? Lego 5.0.0 Release Certificate renewal incomplete: missing domains beeandlunetrading.com We can’t renew your Let’s Encrypt certificate automatically until the issue is resolved Is using preferred-chain "ISRG Root X2" still a good idea? Crypt::LE --delayed not being honored Expressway certificate renewal error even after upgrading to the latest version Yocto Bitbake install of Certbot luadns fails with 'NoneType' object is not callable Intended audience for "tlsserver" profile Trouble finding Charter Communications as Web Hoster 2026.05.08 Gen Y Cross-Certified Subordinate CAs missing serverAuth EKU Certbot deploy-hook Obtaining account ID from xmox.nl email server SSL Certificate Expired - pwgroup.plabcapy.com More cultural recognition of HTTPS adoption Certificado certbot Upcoming Let’s Encrypt Profile Changes On May 13 Lets encrypt certificate issued website scam Issues getting certificates for .de zone Certbot-dns-multi for dns-lego fails with request for two domains Will tlssever profile switch to 45 days next week? Certbot script searching Expired certs shut done websites Automatic renewal across multiple systems serving the same domain Account paused – Request to unpause domain exodus.digitalmansa.com Certificate for web theft phucnha.com DNS-PERSIST without spending an Order Certificate Expired, now I can't create a new one Account paused Invalid unpause URL I need to revoke a cert, how do i do this Recommended Certbot Config for 2 certs with same FQDN with different acme servers The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot Cannot load certificate "/etc/letsencrypt/live/laurexplore.fr/fullchain.pem" A small static ACME server to distribute certs Certferry - easy distribution of wildcard LE certificates Permission errors on Let's ENcrypt certificate requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer')) The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot LetsEncrypt Consultation SSL/TLS certificate Issue ISRG may have received a National Security Letter or FISA Court Order? Deactivating pending authorization Perhaps this domain is at risk group and is blacklisted on the Let's Encrypt side Certificate renewal error Azuracast letsencrypt error Certbot change provider from Sectigo to CertiNext Privacy policy still mentions disabled services Letsencrypt[.]top is squatting on the LE name and acting as a web client Cert renews not working anymore Root Cert Protection and Signing Process for e.g. Intermediates or Cross-Signs of new Roots DNS Challenge failed incorrect TXT value FreeCert: a lightweight ACME management module for shared hosting and cPanel Certbot is rejecting its own specified _acme-challenge value Not able to renew certificates Issue of SSL Certificate fails Today instantly SSL certificate problems CNAME and CAA clarification Issue an SSL certificate Wacs Domain cert generation - test successful but real fails 400 Posh-acme db_error submitting renewal Safari won't trust Let's Encrypt certs Win-Acme Renewal Failing Suddenly with DNS-01 (Dreamhost) My certicate is obsokete Certbot failed to authenticate some domains Possible deliberate publicly admitted violation of subscriber policy by Tom Murphy VII in the form of HTTPV ARI renewal-info Rate Limit Changes? Missing accounturi field in LE dns-persist-01 challenges Problem obtaining a certificate One cert failing to renew - don't know why Dns-persist-01 deployment status and timeline Issue (apparently) after upgrading certbot/ubuntu [nginx] IPv4 OK, IPv6 NOK Expressway ACME Certificate Renewal failing Certbot nginx challenge times out Certbot 5.5.0 Release Error unmarshaling request Try t Self-Host BitWarden - Having Issues Getting a Cert Various problems with three domains cme_registration.reg: Creating... ╷ │ Error: acme: error: 403 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-acct :: urn:ietf:params:acme:error:unauthorized :: An account with the provided public key exists but is deactivated Iran's internet outage and challenges for renewing letsencrypt certs Running multiple Certbot renewals in parallel — how to bypass the global lock file? Nginx ipv64.net Fritzbox Dietpi DNS-PERSIST-01 and _validation-persist CNAME Just a small certbot script check An easy way to publish dns-persist-01 records Problem finding dns-persist-01 in staging GoDaddy API access policy update
Does Certbot support CNAME challenge? How does CNAME validation work vs DNS-01?
Buchi · 2026-04-15 · via Let's Encrypt Community Support - Latest topics

April 15, 2026, 10:33am 1

Title:
Does Certbot support CNAME challenge? How does CNAME validation work vs DNS-01?

I’m confused about how CNAME-based validation works with ACME/Certbot.

  1. Does Certbot support a “CNAME challenge” directly, or only DNS-01 (TXT)?
  2. In some REST API-based certificate services, I see a “CNAME validation” method where they give a host and target (CNAME record).
  3. If I add that CNAME record in my domain DNS, will the CA automatically verify it without me adding a TXT record?

I’m trying to understand:

Is CNAME validation a separate challenge type, or just a variation of DNS-01?

How does this differ from the standard Certbot DNS-01 flow?

Any clear explanation would be really helpful.

Currently there is no "CNAME" challenge, but Let's Encrypt will follow a CNAME to complete a DNS challenge. So with a DNS challenge you are required to populate a TXT record with the label _acme-challenge.yourdomain.com.

You can use CNAME to point to a record in another DNS zone (e.g. one you can update automatically) and Let's Encrypt will follow it. Support for that between different clients (if they have DNS update support) will vary.

4 Likes

MikeMcQ April 15, 2026, 11:59am 3

Let's Encrypt is an ACME Server. Other methods are allowed in the CA/Browser Baseline Requirements but LE is only ACME. Some other CA also support ACME, some use alternate options, and some provide both ACME and other.

Certbot is just one of many ACME Clients and works with a variety of ACME Servers.

See also: Challenge Types - Let's Encrypt

And this upcoming new challenge: DNS-PERSIST-01: A New Model for DNS-based Challenge Validation - Let's Encrypt

4 Likes