CNAME delegation to .acme.nasqueron.org can be tricky to validate.
Some linter would be helpful here too.
Rules:
(1) if a CNAME record starts by _acme_challenge, it should point to an allowlist of domains, the value should so end by one of the item of that list (see table A) (goal: avoid typos)
(2) for a specific DNS domain, the subdomain should follow a pattern (see table B) (goal: avoid to put TXT challenge there)
Tables:
A. List of domains for _acme_challenge:
- .acme.nasqueron.org
B. Patterns by domain
acme.nasqueron.org: format: uuid
With regex by format:
uuid: /^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i