DNS Alias Mode

DNS Alias mode allows a DNS update method to update an alternate domain name instead of updating a record for the domain name directly.

If the main DNS provider does not support updating TXT records, a CNAME record can point to an alternative domain which does.

Challenge Alias

In Challenge Alias mode (default), the ACME package still automatically prepends _acme-challenge. to both the Domain Name and the DNS Alias domain.

In the certificate entry, set:

Domain Name:

company.example which does not support automatic updates

DNS Alias Domain:

dynamic.example which is the alternative domain in a dynamic zone

DNS Domain Alias mode:

Leave unchecked

On the DNS server, add a CNAME record pointing to the DNS Alias hostname with _acme-challenge. prepended:

_acme-challenge.company.example      IN      CNAME   _acme-challenge.dynamic.example.

When updating, the package will update _acme-challenge.dynamic.example in DNS while sending company.example in the certificate request to the ACME provider.

Domain Alias

Domain Alias mode works similar to Challenge Alias mode but it does not prepend _acme-challenge. to the DNS Alias domain. Some administrators prefer this when using many hostnames in a single dynamic zone, or for working around limitations in DNS providers or platforms.

In the certificate entry, set:

Domain Name:

company.example which does not support automatic updates

DNS Alias Domain:

checkme.dynamic.example which is the alternative domain in a dynamic zone

DNS Domain Alias mode:

Checked

On the DNS server, add a CNAME record pointing directly to the DNS Alias hostname:

_acme-challenge.company.example      IN      CNAME   checkme.dynamic.example.

When updating, the package will update checkme.dynamic.example in DNS while sending company.example in the certificate request to the ACME provider.