
DNS Hosting Provider API integration for Let's Encrypt certificates

Problem to solve

When a self-hosted GitLab instance is not available for the Let's Encrypt servers to verify control of a domain, it is not possible to use Let's Encrypt without managing the certificate renewal outside of GitLab.

Intended users

Sidney (Sysadmin)

Further details

Adding certificate management via DNS would also allow for the generation of certificates for alternate URLs, such as GitLab Pages.

Proposal

Add support for Let's Encrypt to use the DNS verification option for certificate issuing, via the major DNS providers (Route 53, Cloudflare, etc. For purely selfish reasons, Cloudflare first ;) )

Certificate issuance should be as simple as providing the API to use, API credentials, and domain name, and everything else is automatic.

Permissions and Security

Admin

Documentation

Testing

Risks: Exposure of API credentials; DNS API snafu, leading to more being removed than required.

What does success look like, and how can we measure that?

Ease of use by customers.

Links / references

Something similar to how https://acme.sh works.
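The "more being removed than required" risk above can be made concrete with the DNS-01 challenge from RFC 8555: a wildcard and its base domain share one `_acme-challenge` name, so cleanup by name alone deletes a sibling challenge. The following is an added example, not code from this issue or from GitLab; the zone record layout, IDs, tokens and thumbprint are constructed, and no real DNS provider API is called.

```python
import base64
import hashlib


def challenge_name(domain: str) -> str:
    """DNS-01 record name; a wildcard shares the name of its base domain."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.rstrip(".").lower()


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """RFC 8555 section 8.4: unpadded base64url of SHA-256(token "." thumbprint)."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def records_to_delete(zone, domain, txt_value):
    """Select only the record this issuance created: TXT, exact name AND exact value."""
    name = challenge_name(domain)
    return [r["id"] for r in zone
            if r["type"] == "TXT"
            and r["name"].lower() == name
            and r["content"] == txt_value]


# Constructed sample data (hypothetical record layout, not a provider's schema).
THUMB = "constructed-account-thumbprint"
VALUE_BASE = dns01_txt_value("constructed-token-1", THUMB)  # example.com
VALUE_WILD = dns01_txt_value("constructed-token-2", THUMB)  # *.example.com
ZONE = [
    {"id": "r1", "type": "A", "name": "example.com", "content": "192.0.2.10"},
    {"id": "r2", "type": "TXT", "name": "example.com", "content": "v=spf1 -all"},
    {"id": "r3", "type": "TXT", "name": "_acme-challenge.example.com", "content": VALUE_BASE},
    {"id": "r4", "type": "TXT", "name": "_acme-challenge.example.com", "content": VALUE_WILD},
]

if __name__ == "__main__":
    # Cleaning up the base-domain challenge must leave the wildcard's record alone.
    print(records_to_delete(ZONE, "example.com", VALUE_BASE))
```

Matching on the exact value also means a leaked or misused cleanup routine cannot be pointed at unrelated TXT records such as SPF entries.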