From c341db1084f59d8eccf06a209fea9ef6abdfd5cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Romanik?= <46846000+rom4nik@users.noreply.github.com> Date: Wed, 17 Jan 2024 01:55:59 +0100 Subject: [PATCH] dns_challenge_override_domain: clarify expected domain and DNS plugin support (#367) --- src/docs/markdown/caddyfile/directives/tls.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/docs/markdown/caddyfile/directives/tls.md b/src/docs/markdown/caddyfile/directives/tls.md index 017a80fc..90b0248c 100644 --- a/src/docs/markdown/caddyfile/directives/tls.md +++ b/src/docs/markdown/caddyfile/directives/tls.md 
@@ -114,10 +114,12 @@ Keep in mind that Let's Encrypt may send you emails about your certificate neari - **dns_challenge_override_domain** overrides the domain to use for the DNS challenge. This is to delegate the challenge to a different domain. - You may want to use this if your primary domain's DNS provider does not have a [DNS plugin ](https://github.com/caddy-dns) available. You can instead add a `CNAME` record with subdomain `_acme-challenge` to your primary domain, pointing to a secondary domain for which you _do_ have a plugin. + You may want to use this if your primary domain's DNS provider does not have a [DNS plugin ](https://github.com/caddy-dns) available. You can instead add a `CNAME` record with subdomain `_acme-challenge` to your primary domain, pointing to a secondary domain for which you _do_ have a plugin. This option _does not_ require special support from the plugin. When ACME issuers try to solve the DNS challenge for your primary domain, they will then follow the `CNAME` to your secondary domain to find the `TXT` record. + **Note:** Use full canonical name from the CNAME record as value here - `_acme-challenge` subdomain won't be prepended automatically. + - **resolvers** customizes the DNS resolvers used when performing the DNS challenge; these take precedence over system resolvers or any default ones. If set here, the resolvers will propagate to all configured certificate issuers. This is typically a list of IP addresses. For example, to use [Google Public DNS ](https://developers.google.com/speed/public-dns): 
@@ -230,10 +232,12 @@ Obtains certificates using the ACME protocol. Note that `acme` is a default issu - **dns_challenge_override_domain** overrides the domain to use for the DNS challenge. This is to delegate the challenge to a different domain. - You may want to use this if your primary domain's DNS provider does not have a [DNS plugin ](https://github.com/caddy-dns) available. You can instead add a `CNAME` record with subdomain `_acme-challenge` to your primary domain, pointing to a secondary domain for which you _do_ have a plugin. + You may want to use this if your primary domain's DNS provider does not have a [DNS plugin ](https://github.com/caddy-dns) available. You can instead add a `CNAME` record with subdomain `_acme-challenge` to your primary domain, pointing to a secondary domain for which you _do_ have a plugin. This option _does not_ require special support from the plugin. When ACME issuers try to solve the DNS challenge for your primary domain, they will then follow the `CNAME` to your secondary domain to find the `TXT` record. + **Note:** Use full canonical name from the CNAME record as value here - `_acme-challenge` subdomain won't be prepended automatically. + - **resolvers** customizes the DNS resolvers used when performing the DNS challenge; these take precedence over system resolvers or any default ones. If set here, the resolvers will propagate to all configured certificate issuers. This is typically a list of IP addresses. For example, to use [Google Public DNS ](https://developers.google.com/speed/public-dns):
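Review bot: In the hunk at `@@ -114,10 +114,12 @@`, the added `**Note:**` line drops its articles and writes CNAME without the backticks that the rest of the paragraph uses for `CNAME` and `TXT`. The note is the part of this change that tells users what value to configure, so it should read unambiguously. Suggested wording: "**Note:** Use the full canonical name from the `CNAME` record as the value here; the `_acme-challenge` subdomain won't be prepended automatically." A semicolon or a second sentence would also be clearer than the bare hyphen, which sits directly in front of a backticked name that itself starts with an underscore.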
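Review bot: In the hunk at `@@ -230,10 +232,12 @@`, the new sentence "This option _does not_ require special support from the plugin" leaves "the plugin" to be inferred from the preceding sentence, which mentions both the missing plugin for the primary domain and the plugin for the secondary domain. Naming it (for example "from the DNS plugin used for the secondary domain") would remove the ambiguity. This hunk also repeats the additions from the `@@ -114` hunk word for word, so any wording change needs to be made in both places to keep the two descriptions of `dns_challenge_override_domain` from drifting apart.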