























April 15, 2026, 10:33am 1
Title:
Does Certbot support CNAME challenge? How does CNAME validation work vs DNS-01?
I’m confused about how CNAME-based validation works with ACME/Certbot.
I’m trying to understand:
Is CNAME validation a separate challenge type, or just a variation of DNS-01?
How does this differ from the standard Certbot DNS-01 flow?
Any clear explanation would be really helpful.
Currently there is no "CNAME" challenge, but Let's Encrypt will follow a CNAME to complete a DNS challenge. So with a DNS challenge you are required to populate a TXT record with the label _acme-challenge.yourdomain.com.
You can use CNAME to point to a record in another DNS zone (e.g. one you can update automatically) and Let's Encrypt will follow it. Support for that between different clients (if they have DNS update support) will vary.
4 Likes
MikeMcQ April 15, 2026, 11:59am 3
Let's Encrypt is an ACME Server. Other methods are allowed in the CA/Browser Baseline Requirements but LE is only ACME. Some other CA also support ACME, some use alternate options, and some provide both ACME and other.
Certbot is just one of many ACME Clients and works with a variety of ACME Servers.
See also: Challenge Types - Let's Encrypt
And this upcoming new challenge: DNS-PERSIST-01: A New Model for DNS-based Challenge Validation - Let's Encrypt
4 Likes
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。