Blog
read more
What's holding up the rollout of persistent domain validation for ACME?
There is a new ACME validation method, dns-persist-01, being standardized at the IETF, and it has even been rolled out to Let’s Encrypt’s staging environment. However, an unresolved security concern is blocking progress on the standard and the roll-out in production for Let’s Encrypt.
dns-persist-01: DNS propagation delays begone!
While ACME has had a DNS-based validation method (dns-01) since the very beginning 1, it requires real-time updates to DNS for every validation attempt. This creates two issues: