From f799ee0fd02e91e40285a9b9706c7e238ec444d5 Mon Sep 17 00:00:00 2001
From: Matti Hiljanen
Date: Mon, 22 Dec 2025 17:04:37 +0200
Subject: [PATCH 1/2] feat: add basic support for challenge alias domain
---
 hook.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/hook.sh b/hook.sh
index 63adaa5..30c8449 100755
--- a/hook.sh
+++ b/hook.sh
@@ -5,6 +5,7 @@ set -o nounset
 shopt -s lastpipe
 prefix="_acme-challenge."
+suffix=""
 #if [[ ! -f "${PWD}/hooks/cfhookbash/config.sh" ]]; then
 # if [[ -f "${PWD}/config.sh" ]]; then
@@ -71,7 +72,7 @@ deploy_challenge() {
 echo " - Setting up token for ${DOMAIN}"
- local DATA='{"type":"TXT","name":"'${prefix}${DOMAIN}'","content":"'${TOKEN_VALUE}'","ttl":120,"priority":10,"proxied":false}'
+ local DATA='{"type":"TXT","name":"'${prefix}${DOMAIN}${suffix}'","content":"'${TOKEN_VALUE}'","ttl":120,"priority":10,"proxied":false}'
 curl "${curlParams[@]}" --data "${DATA}" | check_status
 shift 3
 done
@@ -114,7 +115,7 @@ clean_challenge() {
 local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}" curlParams response
 load_config "$DOMAIN" curlParams
- curl "${curlParams[@]}" -G -d 'match=all' -d 'per_page=100' -d 'type=TXT' -d "name=${prefix}${DOMAIN}" | readarray response
+ curl "${curlParams[@]}" -G -d 'match=all' -d 'per_page=100' -d 'type=TXT' -d "name=${prefix}${DOMAIN}${suffix}" | readarray response
 echo "${response[@]}" | check_status
 record_ids=$( echo "${response[@]}" | jq -r '.result | .[] | .id' )
From b8c424d504c5c13ae2a6e31ae6455fe81dd15c22 Mon Sep 17 00:00:00 2001
From: Matti Hiljanen
Date: Mon, 22 Dec 2025 21:01:51 +0200
Subject: [PATCH 2/2] docs: document challenge alias domain
---
 config.default.sh | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/config.default.sh b/config.default.sh
index 70aca00..c1b3ca7 100755
--- a/config.default.sh
+++ b/config.default.sh
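Review bot: Nothing checks the shape of `suffix` before it is appended verbatim to `${prefix}${DOMAIN}` in deploy_challenge and clean_challenge (the later hunks in hook.sh), so a value without the leading dot, such as `suffix="dns-01.example.org"`, would publish the validation token under `_acme-challenge.www.example.comdns-01.example.org`. A guard once the configuration has been read, for example `[[ -z "${suffix}" || "${suffix}" == .* ]] || { echo "suffix must start with a dot" >&2; exit 1; }`, would fail early instead of writing a TXT record at an unintended name. Because the default is assigned only once at the top of the script, a value set for one domain inside the config's `case` presumably stays in effect for the next domain handled in the same run; load_config is outside the hunk, so confirm whether it should reset `suffix=""` first.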
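Review bot: The JSON body in deploy_challenge is still assembled by splicing shell variables between quoted fragments, and the new `${suffix}` is operator-supplied free text, so a quote or backslash in it produces a malformed or altered request body. jq is already used in clean_challenge, so the payload could be built with it: `DATA=$(jq -nc --arg name "${prefix}${DOMAIN}${suffix}" --arg content "${TOKEN_VALUE}" '{type:"TXT",name:$name,content:$content,ttl:120,priority:10,proxied:false}')`, declared with a separate `local DATA` so a jq failure is not masked. The same applies to the query in the clean_challenge hunk, where `-d "name=..."` combined with `-G` is sent without URL encoding; `--data-urlencode "name=${prefix}${DOMAIN}${suffix}"` keeps it well-formed. Both function bodies continue outside their hunks.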
@@ -2,6 +2,14 @@
 # global_api_key="YOUR_GLOBAL_KEY"
 # zones="YOUR_ZONES"
 # email="admin@example.com"
+#
+# If you wish to delegate the DNS challenges to another domain, you can set the suffix variable. For example:
+# suffix=".dns-01.example.org"
+# And then add the appropriate CNAME records to delegate the challenges:
+# _acme-challenge.www.example.com CNAME _acme-challenge.www.example.com.dns-01.example.org
+# _acme-challenge.www.example.net CNAME _acme-challenge.www.example.net.dns-01.example.org
+# In this case, the zone ID must refer to the delegated domain, and the API token must have edit
+# permissions (only) for that domain.
 case ${1} in
 "www.example.com")
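Review bot: The new comment requires an API token with edit permission only for the delegated domain, yet the credentials shown just above it in this template are `global_api_key` and `email`, which look like an account-wide key that cannot be limited to one zone. If the hook accepts a scoped token (not visible in this hunk), the comment should name that variable and say that the global key defeats the isolation that delegation is meant to give. It would also help to state the format rule, e.g. `# The suffix must begin with a dot; it is appended verbatim to _acme-challenge.<domain>.`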