feat: drop LEGO_EXPERIMENTAL_CNAME_SUPPORT

challenge/dns01/dns_challenge.go

@@ -178,18 +178,20 @@ func GetRecord(domain, keyAuth string) (fqdn, value string) {
 	value = base64.RawURLEncoding.EncodeToString(keyAuthShaBytes[:sha256.Size])
 	fqdn = fmt.Sprintf("_acme-challenge.%s.", domain)
 
-	if ok, _ := strconv.ParseBool(os.Getenv("LEGO_EXPERIMENTAL_CNAME_SUPPORT")); ok {
-		// recursion counter so it doesn't spin out of control
-		for limit := 0; limit < 50; limit++ {
-			// Keep following CNAMEs
-			r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)
-			// Check if the domain has CNAME then use that
-			if err == nil && r.Rcode == dns.RcodeSuccess {
-				fqdn = updateDomainWithCName(r, fqdn)
-			} else {
-				// No more CNAME records to follow, exit
-				return
-			}
+	if ok, _ := strconv.ParseBool(os.Getenv("LEGO_DISABLE_CNAME_SUPPORT")); ok {
+		return
+	}
+
+	// recursion counter so it doesn't spin out of control
+	for limit := 0; limit < 50; limit++ {
+		// Keep following CNAMEs
+		r, err := dnsQuery(fqdn, dns.TypeCNAME, recursiveNameservers, true)
+		// Check if the domain has CNAME then use that
+		if err == nil && r.Rcode == dns.RcodeSuccess {
+			fqdn = updateDomainWithCName(r, fqdn)
+		} else {
+			// No more CNAME records to follow, exit
+			return
 		}
 	}
 

docs/content/dns/_index.md

@@ -45,11 +45,6 @@ $ CLOUDFLARE_EMAIL_FILE=/the/path/to/my/email \
   lego --dns cloudflare --domains www.example.com --email you@example.com run
 ```
 
-## Experimental Features
-
-To resolve CNAME when creating dns-01 challenge:
-set `LEGO_EXPERIMENTAL_CNAME_SUPPORT` to `true`.
-
 ## DNS Providers
 
 {{% tableofdnsproviders %}}

providers/dns/acmedns/acmedns_test.go

@@ -18,7 +18,7 @@ var (
 
 const (
 	// Fixed test data for unit tests.
-	egDomain  = "threeletter.agency"
+	egDomain  = "example.com"
 	egFQDN    = "_acme-challenge." + egDomain + "."
 	egKeyAuth = "⚷"
 )