zlacker

[parent] [thread] 1 comments
1. chrism+(OP)[view] [source] 2023-05-04 19:40:26
Convenience. DNS is routinely not automatable by API, or inconvenient to automate. HTTP, however, is normally easy to work with.
replies(1): >>AdamJa+J3
2. AdamJa+J3[view] [source] 2023-05-04 19:59:33
>>chrism+(OP)
It's not even that it's not automatable, it's just that it follows a completely different control scheme and path than DNS.

for 99.99% of cases when a domain is pointed at me and I want to serve an SSL certificate for it, I can answer an HTTP-01 challenge. Needing to orchestrate a DNS challenge will always be a more complicated external thing.

HTTP challenge (and TLS-ALPN) are in-band, DNS is out-of-band.

[go to top]