DNS Hosting Provider API integration for Let's Encrypt certificates
Problem to solve
When a self-hosted GitLab instance is not available for the Let's Encrypt servers to verify control of a domain, it is not possible to use Let's Encrypt without managing the certificate renewal outside of GitLab.
Intended users
Sidney (Sysadmin)
Further details
Adding certificate management via DNS would also allow for the generation of certificates for alternate URLs, such as GitLab Pages.
Proposal
Add support for Let's Encrypt to use the DNS verification option for certificate issuing, via the major DNS providers (Route 53, Cloudflare, etc. For purely selfish reasons, Cloudflare first ;) )
Certificate issuance should be as simple as providing the API to use, API credentials, and domain name, and everything else is automatic.
Permissions and Security
Admin
Documentation
Testing
Risks: Exposure of API credentials; DNS API snafu, leading to more being removed than required.
What does success look like, and how can we measure that?
Ease of use by customers.
Links / references
Something similar to how https://acme.sh works.
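
The risk listed above, a DNS API call removing more than required, comes down to how the challenge record is selected for cleanup. As an added example (not part of the original issue, and not GitLab or acme.sh code), this Ruby code derives the DNS-01 record name and TXT value as defined in RFC 8555 and selects only that exact record from a zone listing. The record hash shape (:id, :type, :name, :content) and all sample values are constructed assumptions, not any provider's API.

```ruby
require "digest"

# DNS-01 (RFC 8555, section 8.4): the TXT value is the unpadded base64url
# SHA-256 digest of the key authorization "<token>.<account key thumbprint>".
def dns01_txt_value(token, thumbprint)
  digest = Digest::SHA256.digest("#{token}.#{thumbprint}")
  [digest].pack("m0").tr("+/", "-_").delete("=")
end

# A wildcard name is validated at the _acme-challenge label of its base domain.
def dns01_record_name(domain)
  "_acme-challenge.#{domain.downcase.sub(/\A\*\./, '').chomp('.')}"
end

# Cleanup selector: only TXT records with the exact name AND value this run
# published. Matching on name alone would also remove a value published by a
# concurrent order for the same name.
def records_to_delete(zone_records, domain, txt_value)
  name = dns01_record_name(domain)
  zone_records.select do |r|
    r[:type] == "TXT" &&
      r[:name].downcase.chomp(".") == name &&
      r[:content] == txt_value
  end
end

# Constructed sample values (not real ACME data).
SAMPLE_TOKEN = "constructed-token-0001"
SAMPLE_THUMBPRINT = "constructed-thumbprint-0001"

# Constructed zone listing in an assumed, provider-neutral shape.
def sample_zone(our_value)
  [
    { id: "rec-1", type: "A",   name: "gitlab.example.com", content: "192.0.2.10" },
    { id: "rec-2", type: "MX",  name: "example.com", content: "10 mail.example.com" },
    { id: "rec-3", type: "TXT", name: "example.com", content: "v=spf1 -all" },
    { id: "rec-4", type: "TXT", name: "_acme-challenge.gitlab.example.com",
      content: "value-from-another-order" },
    { id: "rec-5", type: "TXT", name: "_acme-challenge.gitlab.example.com.",
      content: our_value }
  ]
end

if __FILE__ == $PROGRAM_NAME
  value = dns01_txt_value(SAMPLE_TOKEN, SAMPLE_THUMBPRINT)
  puts "publish TXT #{dns01_record_name('gitlab.example.com')} = #{value}"
  records_to_delete(sample_zone(value), "gitlab.example.com", value).each do |r|
    puts "delete #{r[:id]} (#{r[:name]})"
  end
end
```

Deleting by the record ids returned here, rather than by name or by zone, leaves the A, MX, SPF and other challenge records untouched.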