Let's Encrypt Introduces DNS-PERSIST-01: Persistent DNS Validation for Certificate Renewals

By todsacerdoti · 3mo ago · 4 min read · en · News

Summary

Let's Encrypt is introducing DNS-PERSIST-01, a new DNS-based challenge validation model that addresses operational challenges with the traditional DNS-01 method. The new approach allows for persistent DNS records that remain valid for certificate renewals, eliminating the need for frequent DNS updates and reducing propagation delays. This innovation aims to simplify certificate management, particularly for wildcard certificates and infrastructure that shouldn't be publicly exposed, while maintaining security through cryptographic proof of domain control.

Key quotes

For subscribers who need wildcard certificates or who prefer not to expose infrastructure to the public Internet, the DNS-01 challenge type has long been the only choice.
DNS-01 works well. It is widely supported and battle-tested, but it comes with operational costs: DNS propagation delays, recurring DNS updates at renewal time, and automation that often requires distributing DNS credentials throughout your infrastructure.
We are implementing DNS-PERSIST-01 to address these operational challenges while maintaining the security properties that make DNS-01 valuable.
The new model allows for persistent DNS records that can be used for multiple certificate renewals, eliminating the need for frequent DNS updates and reducing the impact of propagation delays.
Snippet from the RSS feed
When you request a certificate from Let’s Encrypt, our servers validate that you control the hostnames in that certificate using ACME challenges. For subscribers who need wildcard certificates or who prefer not to expose infrastructure to the public Inter
