Authentication with regex-based authorization for PowerDNS 4.1, designed for CertBot.
You need go and GOBIN in your PATH. Once that is done, install certbot-pdns-proxy using the following command:
go get -u github.com/joeig/certbot-pdns-proxy
After that, copy config.dist.yml to config.yml, replace the default settings and run the binary:
certbot-pdns-proxy -config=/path/to/config.yml
If you intend to run the application as a systemd service, take a look at init/certbot-pdns-proxy.service.
Deploy scripts/authenticator.sh and scripts/cleanup.sh on your servers and change the proxy URL.
You need to add your API credentials to ~/.netrc as follows:
machine 127.0.0.1
login foo
password bar
Pass the scripts to CertBot:
certbot certonly --manual --preferred-challenges=dns --manual-auth-hook /path/to/authenticator.sh --manual-cleanup-hook /path/to/cleanup.sh -d secure.example.com
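A pre-flight check for the ~/.netrc step above, as an added example that is not part of the project: it verifies that the file holding the API credentials is not accessible to group or others and that it carries a login and password for the proxy host. The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the project): audit a netrc file before the
# CertBot hooks rely on it. Function names and return codes are illustrative.
# Usage: sh check_netrc.sh ~/.netrc 127.0.0.1

file_mode() {
    # GNU stat first, then BSD/macOS stat; prints the octal mode, e.g. 600.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_netrc FILE HOST
# 0 = ok, 1 = file missing, 2 = mode unreadable,
# 3 = group/other access, 4 = no complete entry for HOST
check_netrc() {
    file=$1
    host=$2
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 1
    fi
    mode=$(file_mode "$file") || return 2
    case $mode in
        *00) ;;   # group and other digits are both 0
        *) echo "too permissive: $file has mode $mode, use chmod 600" >&2
           return 3 ;;
    esac
    # netrc is a whitespace-separated token stream, so an entry may sit on
    # one line or on several. Put one token per line and walk the stream.
    if ! tr -s '[:space:]' '\n' < "$file" | awk -v host="$host" '
        $0 == "machine"  { getline m; in_entry = (m == host); next }
        $0 == "default"  { in_entry = 0; next }
        in_entry && $0 == "login"    { getline v; if (v != "") login = 1; next }
        in_entry && $0 == "password" { getline v; if (v != "") pass = 1; next }
        END { exit !(login && pass) }'
    then
        echo "no login/password pair for machine $host in $file" >&2
        return 4
    fi
    return 0
}

if [ "$#" -eq 2 ]; then
    check_netrc "$1" "$2"
fi
```

The host argument has to match the machine name in the proxy URL used by the hook scripts.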
- Q: How can I increase the SOA's serial automatically?
  A: Set the SOA-EDIT-API metadata to a value of your choice, for instance pdnsutil set-meta example.com SOA-EDIT-API INCEPTION-INCREMENT. There might be a default setting in the future.