when suggesting CAA records for a domain, suggest variants that bind to the account id and with validation methods used by mox

should prevent potential mitm attacks. especially when done close to the
machine itself (where a http/tls challenge is intercepted to get a valid
certificate), as seen on the internet last month.
This commit is contained in:
Mechiel Lukkien
2023-12-21 15:16:30 +01:00
parent ca97293cb2
commit db3fef4981
11 changed files with 123 additions and 28 deletions

View File

@ -96,6 +96,11 @@ describe-static" and "mox config describe-domains":
# configuring port forwarding. (optional)
Port: 0
# If set, used for suggested CAA DNS records, for restricting TLS certificate
# issuance to a Certificate Authority. If empty and DirectyURL is for Let's
# Encrypt, this value is set automatically to letsencrypt.org. (optional)
IssuerDomainName:
# File containing hash of admin password, for authentication in the web admin
# pages (if enabled). (optional)
AdminPasswordFile: