[Feature]: Add support for using the selected DNS provider as the delegated challenge zone #995

@NotZircom

Description

acmebot_bookmarklet.js

Is your feature request related to a problem?

Add support for using the configured DNS Provider as the delegated challenge zone. Currently, acmebot assumes the selected zone is the main DNS zone and the delegated challenge zone set via the DNS-Alias is a zone that acmebot can also access. The requested certificates are always issued for the selected DNS provider though, and so cannot be used to request certificates for other domains not included in the selected zone as is.

This does not fit our use case (and probably others have the same problem) where we use Azure DNS to host the delegated challenge zone while our main DNS zone is with another provider that doesn't have API access. This is already supported by submitting requests via the API, and I've made a small JS bookmarklet that implements this functionality and have been using it for some time now with no issues I have observed.

Describe the solution you'd like

Add a small checkbox underneath the existing DNS Alias field in advanced options that reads something like "Use selected DNS provider as delegated challenge zone". Possibly add some additional explanation text under the checkbox to say that this is used when the selected DNS zone acmebot controls is the delegated challenge zone while your main DNS is elsewhere.

This will populate the DNS-alias field with the currently selected zone and disable it (or just make it disappear).

The DNS Name field will update to let you enter FQDNs instead of generating a record using entered text and appending the selected DNS zone. The hint text will change to something like "Full FQDNs", and the help text underneath will remind you to create an '_acme-challenge' record in your main DNS provider for each FQDN you add here before submitting the form.

Describe alternatives you've considered

No response

Additional context

Attached is the bookmarklet I currently have and a sample request body it submits. Most of the bookmarklet code is just HTML/CSS and some stuff to poll and print status calls.

Example request body it submits:

```json
{
  "dnsNames": [
    "email.exampledev.com",
    "autodiscover.exampledev.com",
    "mailmgmtserver.exampledev.com"
  ],
  "dnsProviderName": "AzureDns",
  "certificateName": "test-bookmarklet",
  "keyType": "RSA",
  "keySize": 2048,
  "reuseKey": false,
  "dnsAlias": "acme.example.com"
}
```
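The following is an added example, not the issue author's bookmarklet or acmebot's own code. It shows how a client would assemble the request body above for the "delegated challenge zone" mode the issue describes: `dnsAlias` is set to the zone the selected provider controls, `dnsNames` are full FQDNs hosted at the main DNS provider, and the client derives the list of `_acme-challenge` records that the issue says must exist in the main zone before submitting. It also rejects names that already sit inside the delegated zone, since those do not need this mode and usually indicate a typo. The acmebot endpoint URL is passed in by the caller (an assumption; the example does not hard-code any API path), and the sample input is constructed from the issue's request body.

```javascript
// Added example (not the issue author's bookmarklet): build an acmebot request
// body for "delegated challenge zone" mode. Field names match the sample body
// in the issue; the endpoint URL is supplied by the caller (assumption: this
// example does not hard-code acmebot's API path).

const FQDN_RE = /^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$/i;

function normalizeName(name) {
  // Trim whitespace, drop a trailing root dot, lower-case for comparison.
  return name.trim().replace(/\.$/, "").toLowerCase();
}

function isFqdn(name) {
  return FQDN_RE.test(name);
}

function buildDelegatedRequest(opts) {
  const {
    dnsNames,        // full FQDNs hosted at the main (non-API) DNS provider
    delegatedZone,   // zone the selected provider controls; becomes dnsAlias
    dnsProviderName,
    certificateName,
    keyType = "RSA",
    keySize = 2048,
    reuseKey = false,
  } = opts;

  const zone = normalizeName(delegatedZone);
  if (!isFqdn(zone)) {
    throw new Error(`delegated zone is not a valid FQDN: ${delegatedZone}`);
  }

  const names = dnsNames.map(normalizeName);
  const seen = new Set();
  for (const n of names) {
    if (!isFqdn(n)) throw new Error(`not a valid FQDN: ${n}`);
    // In this mode the names live outside the zone acmebot controls; a name
    // under the delegated zone itself does not need this mode and is likely a typo.
    if (n === zone || n.endsWith("." + zone)) {
      throw new Error(`${n} is inside the delegated zone ${zone}; use the normal mode instead`);
    }
    if (seen.has(n)) throw new Error(`duplicate dnsName: ${n}`);
    seen.add(n);
  }

  return {
    body: {
      dnsNames: names,
      dnsProviderName,
      certificateName,
      keyType,
      keySize,
      reuseKey,
      dnsAlias: zone,
    },
    // Records the issue says must exist in the main DNS provider before submitting.
    requiredChallengeRecords: names.map((n) => `_acme-challenge.${n}`),
  };
}

// POST the body; fetchImpl is injectable so the function can be exercised
// without a network connection.
async function submitRequest(endpointUrl, body, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(endpointUrl, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(body),
  });
  if (!res.ok) throw new Error(`acmebot returned HTTP ${res.status}`);
  return res;
}

// Constructed sample mirroring the issue's request body.
const sample = buildDelegatedRequest({
  dnsNames: ["email.exampledev.com", "autodiscover.exampledev.com", "mailmgmtserver.exampledev.com"],
  delegatedZone: "acme.example.com",
  dnsProviderName: "AzureDns",
  certificateName: "test-bookmarklet",
});
```

`sample.body` is byte-for-byte the shape of the request body in the issue, and `sample.requiredChallengeRecords` is the checklist a UI in this mode would show under the DNS Name field before the form is submitted.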

Quick mockup of UI changes when box is selected:

[Image: UI mockup attached to the issue]

Labels: enhancement (New feature or request)

Development: No branches or pull requests