I am trying to set up a certbot / lego ACME client which can create Let's Encrypt certificates with the DNS plugin for Route53. Let's Encrypt allows you to "redirect" a domain to another provider with a CNAME.
https://letsencrypt.org/docs/challenge-types/
"Since Let’s Encrypt follows the DNS standards when looking up TXT records for DNS-01 validation, you can use CNAME records or NS records to delegate answering the challenge to other DNS zones. This can be used to delegate the _acme-challenge subdomain to a validation-specific server or zone. It can also be used if your DNS provider is slow to update, and you want to delegate to a quicker-updating server."
But it looks like certbot or Lego are not able to do this.
Lego has a CNAME Issue: https://github.com/go-acme/lego/issues/1580
Certbot has a CNAME Issue: https://github.com/certbot/certbot/pull/7244
Does anyone have a tool which supports CNAME?
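The delegation described in the quoted Let's Encrypt text comes down to one step a DNS-01 client has to perform before writing the TXT record: follow the CNAME chain from the `_acme-challenge` name to the name that actually has to hold the record. The sketch below is an added example, not part of the original post and not code from certbot or lego; all domain names, the record table and the depth limit are constructed assumptions, and a dict stands in for live DNS lookups.

```python
# Constructed sample records (not real DNS data): owner name -> (type, value).
SAMPLE_RECORDS = {
    "_acme-challenge.www.example.com.": ("CNAME", "www.validation.example.net."),
    "www.validation.example.net.": ("CNAME", "www-example-com.dns01.example.org."),
    "_acme-challenge.loop.example.com.": ("CNAME", "a.example.net."),
    "a.example.net.": ("CNAME", "_acme-challenge.loop.example.com."),
}

MAX_CNAME_DEPTH = 8  # assumed safety limit for this example


def challenge_name(domain):
    """FQDN the CA queries for DNS-01; a wildcard uses its base domain."""
    name = domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name + "."


def effective_txt_name(domain, records):
    """Follow CNAMEs from the challenge name.

    Returns (final_name, chain); final_name is where the TXT record must be
    created, in whichever zone/provider hosts that name.
    """
    name = challenge_name(domain)
    chain = [name]
    while True:
        rtype, value = records.get(name, (None, None))
        if rtype != "CNAME":
            return name, chain  # no further delegation
        target = value.lower().rstrip(".") + "."
        if target in chain:
            raise ValueError("CNAME loop at " + target)
        if len(chain) > MAX_CNAME_DEPTH:
            raise ValueError("CNAME chain too long")
        chain.append(target)
        name = target


if __name__ == "__main__":
    final, chain = effective_txt_name("www.example.com", SAMPLE_RECORDS)
    print(" -> ".join(chain))
    print("create TXT at:", final)
```

The client's DNS credentials then only need write access to the zone hosting the final name, not to the zone of the certificate's domain.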