From 5c787eea122a947e78cdc69b2c12bc5118c6ec11 Mon Sep 17 00:00:00 2001 From: shankar0123 Date: Mon, 16 Mar 2026 21:58:04 -0400 Subject: [PATCH] docs: add DNS-01 challenge support to V2 roadmap DNS-01 enables wildcard certificates and validation for hosts that can't serve HTTP on port 80. Planned with provider adapters (Cloudflare, Route53) and custom script hooks. Co-Authored-By: Claude Opus 4.6 --- README.md | 2 +- docs/connectors.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 468a404..8e935ce 100644 --- a/README.md +++ b/README.md @@ -349,7 +349,7 @@ All nine development milestones (M1–M9) are complete. The backend covers the f Remaining before the v1.0.0 tag: dashboard screenshots in README, tagged Docker images published, final error-handling audit to confirm no panics or unhandled error paths. ### V2: Operational Maturity -- **V2.0: Operational Workflows** — renewal approval UI, bulk cert operations, deployment timeline, real-time updates (SSE/WebSocket), target config wizard +- **V2.0: Operational Workflows** — ACME DNS-01 challenges (wildcard certs, custom validation scripts), renewal approval UI, bulk cert operations, deployment timeline, real-time updates (SSE/WebSocket), target config wizard - **V2.1: Team Adoption** — OIDC/SSO, RBAC, CLI tool, Slack/Teams notifiers, bulk cert import - **V2.2: Observability** — expiration calendar, health scores, Prometheus metrics, deployment rollback diff --git a/docs/connectors.md b/docs/connectors.md index f3a2fdb..3755b91 100644 --- a/docs/connectors.md +++ b/docs/connectors.md 
@@ -110,6 +110,8 @@ Configuration: For HTTP-01 to work, the domain being validated must resolve to the machine running the connector, and the configured HTTP port must be reachable from the internet. The connector automatically registers an ACME account, creates orders, solves challenges, finalizes with the CSR, and downloads the issued certificate chain. +**Limitation:** v1 supports HTTP-01 challenges only. DNS-01 challenge support (required for wildcard certificates and hosts that can't serve HTTP on port 80) is planned for V2, including provider-specific DNS adapters (Cloudflare, Route53, etc.) and custom validation script hooks. + Environment variables for the default ACME connector: - `CERTCTL_ACME_DIRECTORY_URL` — ACME directory URL - `CERTCTL_ACME_EMAIL` — Contact email for account registration
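Review bot: In the README.md hunk, the new V2.0 bullet describes DNS-01 as "(wildcard certs, custom validation scripts)", but the commit message and the docs/connectors.md note both also promise provider adapters (Cloudflare, Route53). The roadmap should name the same scope in both places, for example "ACME DNS-01 challenges (wildcard certs, DNS provider adapters, custom validation scripts)". DNS-01 is also a connector capability, while every other item in "Operational Workflows" is a UI or workflow feature. Consider giving it its own bullet so it is not read as a UI item.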
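Review bot: In the docs/connectors.md hunk, the added Limitation line says "hosts that can't serve HTTP on port 80", while the unchanged sentence just above it says "the configured HTTP port must be reachable from the internet". A reader cannot tell whether the requirement is port 80 or whatever port is configured. Please use one wording in both sentences. "planned for V2" could also say V2.0 to match the README roadmap entry, and "etc." after Cloudflare and Route53 leaves the planned adapter list open-ended. Since the note announces provider adapters and custom script hooks, it would also help to say that these will need DNS API credentials, and that the docs will cover how to scope those credentials to the challenge records once the feature lands.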