I'm using ngrok to demonstrate the ACME protocol on IIS/Windows. However, this service prefers CNAMEs over A records.
In debugging the interaction, it seems that ACME only allows for A records. What is the security rationale for this behavior? What alternative is there?
Error message here:
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:connection",
    "detail": "DNS problem: SERVFAIL looking up A for dev.server.com",
    "status": 400
  },