[Proposal] DNS-challenge support #27

Open
elct9620 opened this issue Aug 25, 2020 · 3 comments

@elct9620
Owner

elct9620 commented Aug 25, 2020

For wildcard support (#3) and special cases where we are unable to use HTTP-challenge, we can use DNS-challenge as an alternative solution.

DNS Plugin

To keep the gem small, I think we have to use plugins to add support for different providers.

    LetsEncrypt.config do |config|
      config.dns_challenger = 'LetsEncrypt::Challenger::CloudFlare'
    end

Verification

Put the verification in a background job, using the ActiveJob interface.

    # Returns true if the domain has been verified.
    def verify
      return true if verified?
      return false if verifying?

      order! unless ordered?
      VerificationJob.perform_later
      false
    end

@espen
Contributor

espen commented Mar 4, 2022

This would be awesome. Is my assumption right here that the CA would perform the DNS verification? And in such case there would be no need to mount this as an engine path and then just run this as a gem without route interference to the main application?

I see that acme-client supports dns challenge. What is the need for a dns vendor plugin like you mention here? Would it not be sufficient to return the DNS challenge record and then try to verify it later?

@elct9620
Owner Author

elct9620 commented Mar 4, 2022

@espen Yes, if we use DNS challenge mode we don't mount it. I am not sure whether acme-client provides a DNS vendor API for it.

For example, if we use Route53 as our DNS server, we need an API call to add a record for the DNS challenge. I think acme-client should not include it and we have to implement it ourselves.

@espen
Contributor

espen commented Mar 7, 2022

That would be nice but for my use case I do not control the domain. So just the verification is sufficient. I would have customers pointing their domain to my app so I would just tell them what DNS records to add then verify it (initiate manually or auto-check at intervals).

I think the actual DNS challenge here is the most important part. If someone needs automation for DNS creation then that could be added later. But yes, that would be outside of acme-client and this gem would have some API/DSL for adding DNS providers.
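
Added example, not part of the thread or of the gem's code: a sketch of the "tell the customer which record to add, then check it at intervals" flow discussed above, using the dns-01 rules from RFC 8555 section 8.4. The `Dns01` module, the injected `lookup` callable and the sample token and thumbprint are hypothetical names and constructed values.

```ruby
require 'digest'
require 'base64'
require 'resolv'

# Hypothetical helper, not part of rails-letsencrypt or acme-client.
module Dns01
  module_function

  # RFC 8555 section 8.4: the TXT value is the unpadded base64url SHA-256
  # digest of the key authorization "<token>.<account key thumbprint>".
  def txt_value(token, thumbprint)
    digest = Digest::SHA256.digest("#{token}.#{thumbprint}")
    Base64.urlsafe_encode64(digest, padding: false)
  end

  # A wildcard order for *.example.com is validated at
  # _acme-challenge.example.com, the same name as the apex order.
  def record_name(identifier)
    "_acme-challenge.#{identifier.sub(/\A\*\./, '')}".downcase.chomp('.')
  end

  # Default lookup (needs network access): every TXT string at +name+.
  def resolve_txt(name)
    Resolv::DNS.open do |dns|
      dns.getresources(name, Resolv::DNS::Resource::IN::TXT).flat_map(&:strings)
    end
  end

  # True only when the expected value is published. Other TXT values at the
  # same name are tolerated, because wildcard and apex orders share it.
  def published?(identifier, token, thumbprint, lookup: method(:resolve_txt))
    expected = txt_value(token, thumbprint)
    lookup.call(record_name(identifier)).any? { |value| value.strip == expected }
  rescue Resolv::ResolvError, Resolv::ResolvTimeout
    false # lookup failure means "not yet"; the caller retries later
  end
end

# Constructed sample values, not real ACME data.
TOKEN = 'constructed-token-0001'
THUMBPRINT = 'constructed-thumbprint-0001'

if $PROGRAM_NAME == __FILE__
  puts "#{Dns01.record_name('*.example.com')} TXT #{Dns01.txt_value(TOKEN, THUMBPRINT)}"
end
```

A pre-check like this only tells the application when it is worth asking the CA to validate; the CA's own lookup remains the authoritative result.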
