Comments (5)
I worked around it by copying a valid cert over from another machine and setting:

```
# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
tls = "cert"
# only used if tls = "cert"
tls_cert_privkey = "/etc/letsencrypt/live/mydomain.tld/privkey.pem"
tls_cert_fullchain = "/etc/letsencrypt/live/mydomain.tld/fullchain.pem"
```

That is of course not a real solution.
from acme-dns.
I can now successfully use the API, but not entirely:

```
% curl -X POST https://linuxserver.mydomain.tld:943/update -H "X-Api-User: <snip>" -H "X-Api-Key: <snip>" --data '{"subdomain": "<snip>", "txt": "___validation_token_recieved_from_the_ca___"}'| python3 -m json.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 161 100 54 100 107 688 1364 --:--:-- --:--:-- --:--:-- 2064
{
    "txt": "___validation_token_recieved_from_the_ca___"
}
```

That is a call on the inside. 443 is not available from outside (no NAT). The log says:

```
acmedns-1 | time="2024-06-08T16:06:57Z" level=info msg=" Actual request no headers added: missing origin"
acmedns-1 | time="2024-06-08T16:06:57Z" level=debug msg="TXT updated" subdomain=<snip> txt=___validation_token_recieved_from_the_ca___
```

But when I try to read this from the outside:

```
$ dig _acme-challenge.acmedns.mydomain.tld txt
; <<>> DiG 9.11.36-RedHat-9.11.36-14.el8_10 <<>> _acme-challenge.acmedns.mydomain.tld txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42965
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 327e502452512e255ca948b766647f7248f5c0f8d3a99f53 (good)
;; QUESTION SECTION:
;_acme-challenge.acmedns.mydomain.tld. IN TXT
;; ANSWER SECTION:
_acme-challenge.acmedns.mydomain.tld. 1 IN TXT ""
;; AUTHORITY SECTION:
acmedns.mydomain.tld. 207 IN NS usedname.mydomain.tld.
;; Query time: 37 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jun 08 17:57:38 CEST 2024
;; MSG SIZE rcvd: 129
```

So, almost there?
from acme-dns.
Never mind @joohoi, it was in part a dumb question (there is a 'none' option).
from acme-dns.
Never mind, the error was mine (no surprise here). I had CNAME'd `_acme-challenge.acmedns.mydomain.tld` to `<acme-dns-subdomain>.acmedns.mydomain.tld` but I should have CNAME'd `_acme-challenge.mydomain.tld` of course because that is where LE CA will look... 😬 Now just see if I can get it working in full.
So, probably the bootstrap would have worked too, maybe. I'll probably check later.
from acme-dns.
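
The CNAME mix-up described in the comment above can be caught before requesting a certificate. This is an added example, not part of the thread and not acme-dns code: it follows the CNAME chain from the name the CA queries and checks that it ends at the acme-dns `fulldomain`. The record sets are constructed and `registered-subdomain` is a placeholder label.

```python
# Added example, not acme-dns code. Records are constructed; the subdomain label is a placeholder.
FULLDOMAIN = "registered-subdomain.acmedns.mydomain.tld"  # hypothetical "fulldomain" from registration

def validation_name(cert_domain):
    """Name the CA queries for DNS-01; a wildcard validates at its base domain."""
    d = cert_domain.rstrip(".").lower()
    if d.startswith("*."):
        d = d[2:]
    return "_acme-challenge." + d

def follow_cnames(name, records, max_hops=8):
    """Follow CNAMEs in records {(name, type): [values]}; return the chain of names."""
    chain = [name]
    for _ in range(max_hops):
        targets = records.get((chain[-1], "CNAME"))
        if not targets:
            return chain
        nxt = targets[0].rstrip(".").lower()
        if nxt in chain:
            raise ValueError("CNAME loop at " + nxt)
        chain.append(nxt)
    raise ValueError("CNAME chain exceeds the %d hop limit" % max_hops)

def check_delegation(cert_domain, fulldomain, records):
    """Return (ok, detail): ok only if the validation name ends at the acme-dns fulldomain."""
    start = validation_name(cert_domain)
    chain = follow_cnames(start, records)
    target = fulldomain.rstrip(".").lower()
    if chain[-1] != target:
        return False, "%s resolves to %s, expected %s" % (start, chain[-1], target)
    return True, " -> ".join(chain)

# The record as first created in the thread: CNAME placed inside the acme-dns zone.
MISPLACED = {("_acme-challenge.acmedns.mydomain.tld", "CNAME"): [FULLDOMAIN + "."]}
# The corrected record: CNAME placed under the domain the certificate is for.
CORRECTED = {("_acme-challenge.mydomain.tld", "CNAME"): [FULLDOMAIN + "."]}

if __name__ == "__main__":
    for label, recs in (("misplaced", MISPLACED), ("corrected", CORRECTED)):
        print(label, check_delegation("mydomain.tld", FULLDOMAIN, recs))
```
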
This was (at least in part) a dumb question.
from acme-dns.