|Kegan Myers 8b0a007e49|
This project is quite simple; the only requirement is a module-aware Go compiler.
go build .
acme-dns-httpreq takes two arguments:
- The base domain, which is the zone that will be delegated in DNS to this server.
- The server address, which is used in the SOA records served by this domain.
Both arguments are full DNS names, which should end with a period.
./acme-dns-httpreq "acme-dns.keganmyers.com." "dns.keganmyers.com."
Let's assume you want to issue a certificate for
There should be an acme-dns-httpreq server running somewhere, let's say on a server with IP 184.108.40.206. It will be available at http://dns.example.net for HTTP requests and dns.example.com:53 for DNS requests. The following DNS records are assumed to exist:
dns.example.net. 300 IN A 220.127.116.11
acme.example.net. 300 IN NS dns.example.net.
The client is using LEGO's HTTP Request provider, and will need the following environment variables:
HTTPREQ_ENDPOINT=http://dns.example.net
HTTPREQ_USERNAME=_acme-challenge.example.com.
HTTPREQ_PASSWORD=w5m8bxRRXSDxt59
There will also need to be a DNS record set for everything to work:
_acme-challenge.example.com. 300 IN CNAME _acme-challenge.example.com.acme.example.net.
This server does no authentication; it merely validates that the username provided by basic auth matches the domain name that should be set. Authentication should be handled by some external process, such as a proxy server. In the example given above, anyone could issue a certificate for example.com unless something is in place to ensure the HTTPREQ_PASSWORD is validated before passing the request to acme-dns-httpreq.
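One way to put that external check in place is a small authenticating reverse proxy, shown here as an added example that is not part of acme-dns-httpreq. The credential table reuses the sample values from the environment variables above; the loopback backend address `127.0.0.1:8080`, the listen port `:8081`, and the names `credentials`, `authorized` and `guard` are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// credentials maps each permitted HTTPREQ_USERNAME (the challenge FQDN) to the
// SHA-256 of its HTTPREQ_PASSWORD. Sample values; load real ones from a secret store.
var credentials = map[string][32]byte{
	"_acme-challenge.example.com.": sha256.Sum256([]byte("w5m8bxRRXSDxt59")),
}

// authorized reports whether user and pass match a configured credential.
func authorized(user, pass string) bool {
	want, known := credentials[user]
	got := sha256.Sum256([]byte(pass))
	// Always run the comparison so timing does not reveal which usernames exist.
	ok := subtle.ConstantTimeCompare(got[:], want[:]) == 1
	return known && ok
}

// guard rejects requests lacking valid basic auth before they reach next.
func guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, pass, ok := r.BasicAuth()
		if !ok || !authorized(user, pass) {
			w.Header().Set("WWW-Authenticate", `Basic realm="acme-dns-httpreq"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r) // Authorization header is forwarded so the backend can check the username
	})
}

func main() {
	// Assumption: the container's port 80 is published only on 127.0.0.1:8080.
	backend, err := url.Parse("http://127.0.0.1:8080")
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.ListenAndServe(":8081", guard(httputil.NewSingleHostReverseProxy(backend))))
}
```

Basic auth credentials travel unencrypted over plain HTTP, so a deployment would terminate TLS at or in front of this proxy.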
This server is hard-coded to listen on ports 53 and 80 because it is intended to be run as a container, with routing set up as needed, ideally with at least a reverse proxy in front of it.
This program is not, and does not intend to be, a fully featured authoritative DNS server. If you need to run one on the same server as this, you will need to figure out how to route requests to this server.