On Thu, Oct 13, 2022 at 4:57 PM Maxwell G via devel
<devel(a)lists.fedoraproject.org> wrote:
Let's Encrypt also supports the dns-01 challenge[1] that
doesn't require
any publicly available IPs. Using dns verification is required to obtain a
Let's Encrypt wildcard certificate.
While I tend to prefer using the dns-01 challenge approach
when possible, not all DNS providers have made it easy to
accomplish (the certbot folk have implementations for a
number of the major DNS providers, and one can sometimes
find other 3rd party code for others, but it can still be hard
to setup and use, which means just enough additional
impedance that sometimes people will choose not to use it;
I can't blame them, as sometimes free has a higher cost
than having someone else order the cert from one of
the non-free CAs).