After @fwipe kindly kicked me in the right direction to allow me to get agents registered with the hub I set up, I started out looking into the validation part. To be honest, and this is nothing on Certify the Web, but the ownership validations are a bit over the top. I absolutely get verifying domain ownership when issuing a certificate for the first time, but once it’s been validated, unless something significant changes, it shouldn’t need to be ‘re-validated’. My main domain, which is the only domain I have certificates issued for, I’ve owned for over 20 years. Some of the domains I manage for work have been owned longer. Nothing’s changed. Why the ‘revalidation’ for certificate renewals? That’s honestly absurd.
Anyway, my options for automating the ‘revalidation’, as absurd as it is, seem limited at best. My domains are registered with SecureServer.net and DNS is hosted there. I have no interest in moving any of my domains. I believe SecureServer.net is a reseller of GoDaddy, so maybe the GoDaddy API would work, but there’s a requirement for ‘10+ domains’. I have 8. It seems every option out there for automating this requires spending more money. It seems my options are: move DNS for at least one of my domains and use CNAME delegation, move one of my domains somewhere and use CNAME delegation, or buy a new domain, registered elsewhere, and use that domain for CNAME delegation.
To be honest, I’d rather have it such that something other than the credentials that are the keys to everything related to my domains is what is used, but in the list, there don’t seem to be any options that offer free DNS unless the domain is registered with them.
Unfortunately, with the truly insane change coming to 47-day certificate life, automation will become mandatory. Registrars like Network Solutions don’t seem to support this, based on the list provided in the Certify Hub. In order for these insanely short certificate lifetimes to work, it will be mandatory for EVERY DNS provider to support this. But that’s not where we are right now.
So anyway, am I missing something? I’d say the ideal solution would be some free DNS service that is supported by Certify The Web that I can point one of my ‘less used’ domains to for DNS while leaving it registered right where it is, and use that for CNAME Delegation.
Any thoughts or suggestions?