| From | Brett Delmage <Brett@BrettDelmage.ca> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | BIND, nsupdate and acme.sh DNS authentication |
| Date | 2020-07-23 15:13 -0400 |
| Message-ID | <mailman.765.1595531559.942.bind-users@lists.isc.org> (permalink) |
| References | <alpine.DEB.2.21.2007231459440.9937@pannier.local> |

On Thu, 23 Jul 2020, Michael De Roover wrote:

> For example I don't trust Manjaro's maintainers, since they screwed up
> their TLS certificate renewal no less than 3 times. That's complete and
> utter incompetence on their part.
> How they didn't already put certbot in a cron job after the first time
> is beyond me.

To get this topic back on topic for this list:

When you are creating Let's Encrypt wildcard certificates you must use a DNS authentication protocol with letsencrypt. I am using the acme.sh client which was recommended for wildcard certificates.

https://github.com/acmesh-official/acme.sh

If you are running your own nameserver you also need to enable dynamic updates so that the acme.sh client can create TXT records during certificate acquisition and renewal.

However I have found that getting zone dynamic updates (authentication, specifically) working with nsupdate (which acme.sh uses) and BIND has been a PITA. I haven't been overly impressed with the debug capabilities to help get nsupdate working properly.
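
Added example, not part of the original post and not code from acme.sh or BIND: a shell sketch of the dynamic-update setup the post describes, rendering a least-privilege `update-policy` stanza (the TSIG key may only change TXT at the challenge name) and the matching nsupdate batch. The zone `example.com`, key name `acme-key`, server address, zone file name and TTL are constructed placeholders.

```shell
#!/bin/sh
# Added example; all names and values passed in are constructed placeholders.

# Owner name of the DNS-01 record. A wildcard (*.zone) and the apex share it.
acme_challenge_name() {
    zone=${1%.}                      # tolerate a trailing dot
    printf '_acme-challenge.%s.\n' "$zone"
}

# named.conf zone stanza: the key is granted TXT at the challenge name only,
# instead of update rights over the whole zone.
render_update_policy() {
    zone=${1%.}; keyname=$2
    cat <<EOF
zone "$zone" {
    type master;
    file "$zone.db";
    update-policy {
        grant $keyname name $(acme_challenge_name "$zone") TXT;
    };
};
EOF
}

# nsupdate batch that adds or deletes the validation TXT record.
# The action is validated before anything is printed, so a bad call
# never sends a partial batch down a pipe.
render_nsupdate_batch() {
    action=$1; server=$2; zone=${3%.}; token=$4
    name=$(acme_challenge_name "$zone")
    case $action in
        add) update="update add $name 60 TXT \"$token\"" ;;
        del) update="update delete $name TXT" ;;
        *)   echo "unknown action: $action" >&2; return 1 ;;
    esac
    printf 'server %s\nzone %s.\n%s\nsend\n' "$server" "$zone" "$update"
}
```

Piping `render_nsupdate_batch add ...` into `nsupdate -d -k <keyfile>` shows the signed request and the server's reply code, which separates TSIG key problems from `update-policy` denials.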