Let's Encrypt RFC2136 CNAME update

Hello,

I’m trying to set up Let’s Encrypt using RFC2136 for DNS-01 updates.

Our DNS zone however is unable to use RFC2136, so we created a new zone to use for CNAME from the main zone.

However, we are unable to update the records seeing as the Let’s Encrypt integration tries to update _acme-challenge.sub.domain.com whereas we need to update _acme-challenge-sub.cname.domain.com.

This shouldn’t be an uncommon occurrence.

https://letsencrypt.org/docs/challenge-types/#dns-01-challenge


There also doesn’t seem to be any support for https://challenges.addr.tools/ which would’ve worked as well using CNAME to validate.


Is there any way to get Let’s Encrypt DNS RFC2136 to update the zone cname.domain.com with the _acme-challenge.sub.cname.domain.com while the certificate is issued for sub.domain.com?


Thanks in advance!
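
The CNAME delegation described in the post above, as an added example that is not part of the original post and not the code of any ACME client: a client that supports this setup follows the CNAME from the DNS-01 validation name and sends the RFC 2136 TXT update to the zone that owns the final target. The CNAME table, the list of updatable zones and the key authorization string are constructed; the host names are the ones used in the post.

```python
import base64
import hashlib

# Constructed records: the main zone (no RFC 2136) delegates the challenge by CNAME.
CNAMES = {"_acme-challenge.sub.domain.com.": "_acme-challenge.sub.cname.domain.com."}
# Constructed list of zones that accept RFC 2136 dynamic updates.
UPDATABLE_ZONES = ["cname.domain.com."]

def challenge_name(identifier):
    """DNS-01 validation name for a certificate identifier (RFC 8555, section 8.4)."""
    name = identifier.rstrip(".").lower()
    if name.startswith("*."):          # a wildcard validates at the base name
        name = name[2:]
    return "_acme-challenge." + name + "."

def follow_cnames(name, cnames, max_hops=8):
    """Return the final owner name after following CNAMEs, rejecting loops."""
    seen = set()
    while name in cnames:
        if name in seen or len(seen) >= max_hops:
            raise ValueError("CNAME loop or chain too long at " + name)
        seen.add(name)
        name = cnames[name].lower()
    return name

def zone_for(name, zones):
    """Longest updatable zone that contains name; fail closed if there is none."""
    matches = [z for z in zones if name == z or name.endswith("." + z)]
    if not matches:
        raise LookupError("no updatable zone contains " + name)
    return max(matches, key=len)

def txt_value(key_authorization):
    """TXT content: unpadded base64url of SHA-256 over the key authorization."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def plan_update(identifier, key_authorization, cnames=CNAMES, zones=UPDATABLE_ZONES):
    """Describe the dynamic update to send: which zone, which name, which value."""
    target = follow_cnames(challenge_name(identifier), cnames)
    return {"zone": zone_for(target, zones), "name": target,
            "type": "TXT", "value": txt_value(key_authorization)}

if __name__ == "__main__":
    # "constructed-token.constructed-thumbprint" is a placeholder key authorization.
    print(plan_update("sub.domain.com", "constructed-token.constructed-thumbprint"))
```

A client that skips the CNAME step sends the update for `_acme-challenge.sub.domain.com.` directly, which is the `LookupError` path here because no updatable zone contains that name.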