Skip to content

Add dns-account-01 challenge support#256

Merged
unixcharles merged 5 commits intounixcharles:masterfrom
sheurich:add-acme-dns-account-01-support
Sep 24, 2025
Merged

Add dns-account-01 challenge support#256
unixcharles merged 5 commits intounixcharles:masterfrom
sheurich:add-acme-dns-account-01-support

Conversation

@sheurich
Copy link
Contributor

@sheurich sheurich commented Sep 23, 2025

This PR adds support for the new dns-account-01 challenge type to the ACME client, enabling concurrent domain validation by different clients using account-specific DNS records.

Summary

  • Add dns-account-01 challenge implementation following RFC draft-ietf-acme-dns-account-label-01
  • Provide account-specific DNS record names to avoid validation conflicts
  • Maintain full backward compatibility with existing challenge types

Changes

  • New challenge class: DNSAccount01 with account-specific record name generation
  • Authorization integration: Added dns_account_01 and dns_account helper methods
  • Comprehensive documentation: Dedicated README section with usage examples
  • Complete test coverage: Unit tests and VCR cassettes for the new challenge type

Benefits

  • Concurrent validation: Multiple ACME clients can validate the same domain simultaneously
  • No conflicts: Each client gets a unique DNS record name based on account URL
  • Drop-in replacement: Can be used anywhere DNS-01 challenges are used

Usage

challenge = authorization.dns_account
challenge.record_name    # => '_ujmmovf2vn55tgye._acme-challenge'
challenge.record_type    # => 'TXT'
challenge.record_content # => 'HRV3PS5sRDyV-ous4HJk4z24s5JjmUTjcCaUjFt28-8'

Testing

  • All existing tests pass
  • New tests verify challenge creation, record generation, and API integration
  • Added VCR cassette for dns-account-01 challenge interactions

sheurich and others added 4 commits September 23, 2025 11:10
@sheurich
Copy link
Contributor Author

sheurich commented Sep 23, 2025

Fixes #255

@sheurich
Enhance dns-account-01 documentation clarity
fe7616c 
- Clarify RFC 4648 Base32 alphabet usage
- Use I-D terminology "octets" instead of "bits"
- Improve class description for concurrent validation
@sheurich
Copy link
Contributor Author

sheurich commented Sep 24, 2025

@unixcharles for context this code interoperates with

and mirrors the implementation in

unixcharles
unixcharles approved these changes Sep 24, 2025
View reviewed changes
Copy link
Owner

@unixcharles unixcharles left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the contribution

@unixcharles unixcharles merged commit c798d60 into unixcharles:master Sep 24, 2025
8 checks passed
@sheurich sheurich mentioned this pull request Sep 24, 2025
Closed
5 tasks
@unixcharles
Copy link
Owner

unixcharles commented Sep 24, 2025

released in 2.0.26

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@unixcharles unixcharles unixcharles approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sheurich @unixcharles