Hurricane Electric's IPv6 Tunnel Broker Forums


Author Topic: DNS ACME challenge. (Let's encrypt validation)  (Read 58375 times)

PJSalt

  • Newbie
  • *
  • Posts: 3
Re: DNS ACME challenge. (Let's encrypt validation)
« Reply #15 on: November 05, 2017, 01:34:22 PM »

Yeah, I also don't like having to store the login credentials of the account in a file like that. A system with an API key would be much better.

Even better would be if we could also limit what the API key can do and assign rights to it. For example: only create/edit/remove TXT records. So that when somebody unauthorized gets a hold of the API key that they can't do too much damage by for example changing A/AAAA records and such.

PJSalt

  • Newbie
  • *
  • Posts: 3
Re: DNS ACME challenge. (Let's encrypt validation)
« Reply #16 on: March 14, 2018, 06:28:28 AM »

Any updates on this? Now that Let's Encrypt has officially launched their v2 API with wildcard support (which only works with the dns-01 challenge method by the way), it would be nice if dns.he.net had an API as well.
« Last Edit: March 14, 2018, 06:48:17 AM by PJSalt »

TemiD

  • Newbie
  • *
  • Posts: 4
Re: DNS ACME challenge. (Let's encrypt validation)
« Reply #17 on: April 24, 2018, 04:46:09 PM »

+1 for Let's Encrypt and API integration. Cloudflare supported the API, but I moved to he.net for the IPv6 cert course. I use a wildcard for my network and manually renewing certs is going to bite.

beneckema

  • Newbie
  • *
  • Posts: 1
Re: DNS ACME challenge. (Let's encrypt validation)
« Reply #18 on: July 16, 2018, 02:40:13 AM »

+1. I like to use a scripted dns-01 challenge, so it would be great to use the API like the "dynamic" A and AAAA records.

mkbloke

  • Newbie
  • *
  • Posts: 3
Re: DNS ACME challenge. (Let's encrypt validation)
« Reply #19 on: August 13, 2018, 03:08:38 AM »

+1 for an API supporting TXT records to make Let's Encrypt easy.

Ian

wrtpoona

  • Newbie
  • *
  • Posts: 4
Re: DNS ACME challenge. (Let's encrypt validation)
« Reply #20 on: September 21, 2019, 08:14:47 AM »

+1 for a TXT RR API, any update on this?

FostWare

  • Newbie
  • *
  • Posts: 1
Re: DNS ACME challenge. (Let's encrypt validation)
« Reply #21 on: March 02, 2020, 10:42:35 AM »

+1 for API that doesn't require removing 2FA

Vazhnov

  • Newbie
  • *
  • Posts: 1
Re: DNS ACME challenge. (Let's encrypt validation)
« Reply #22 on: April 11, 2020, 09:49:50 AM »

As I see on title page:

Quote
We're looking into implementing:
  • Expanding our DDNS service to support TXT records

Updated 11.28.2018

But still no news…

matth1187

  • Newbie
  • *
  • Posts: 17
Re: DNS ACME challenge. (Let's encrypt validation)
« Reply #23 on: July 10, 2020, 11:21:38 PM »

I would've used it if it was available; however, someone paranoid convinced me it may be a good idea to keep ACME challenges on a separate provider from that of your main domain (assuming HE), in case your API key/pass gets compromised.

I found luadns.com to be noobishly easy to use, and it is a default supported provider in most ACME programs (it is mentioned on the LE website as a provider that is easily integrated and free). In addition to the API it has a slick GUI. Create a zone like acme.domain.com. Point some NS records from HE to there. Then use a CNAME in HE: _acme-challenge.www.domain.com -> luadns, www.acme.domain.com. Now it can be automated, with no messing with port 80. HTH!

jvandenbroek

  • Newbie
  • *
  • Posts: 1
Re: DNS ACME challenge. (Let's encrypt validation)
« Reply #24 on: July 20, 2020, 05:02:41 AM »

Was looking for this and found out that it's now actually possible to set DDNS for a TXT record. Just needed some trial and error to get it working:

Code:
# -k removed: it turns off TLS certificate verification, so the password could go to an impostor server
curl https://dyn.dns.he.net/nic/update -d "hostname=_acme-challenge.mydomain.com" -d "password=mypassword" -d "txt=somevalue"
« Last Edit: July 20, 2020, 05:06:32 AM by jvandenbroek »

Com DAC

  • Newbie
  • *
  • Posts: 1
Re: DNS ACME challenge. (Let's encrypt validation)
« Reply #25 on: August 02, 2020, 04:38:47 PM »

Found that DDNS is now possible for TXT records (YAY). The thing I'm unable to figure out now is how to update the records if you have two of the same TXT records. For example, if you have a Let's Encrypt certificate for *.domain.ext and domain.ext then you need two TXT entries, _acme-challenge.domain.ext and _acme-challenge.domain.ext. I can do this manually, but when I set up the entries to be dynamic I'm only able to update the last one I updated with a password. Does anyone know if there is a trick for this situation or if this part isn't implemented yet?
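
The DDNS TXT update from jvandenbroek's post, wrapped as a certbot `--manual-auth-hook`, with the record-name rule behind Com DAC's question; this is an added example, not code from any poster or from Hurricane Electric. `HE_DDNS_KEY_FILE` and its default path are hypothetical, and the password is assumed to be the DDNS key set on the `_acme-challenge` record, free of `"` and `\`.

```shell
#!/usr/bin/env bash
# Added example: certbot --manual-auth-hook built on the dyn.dns.he.net update above.
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.
# HE_DDNS_KEY_FILE is a hypothetical path holding the record's DDNS key.
HE_UPDATE_URL="https://dyn.dns.he.net/nic/update"
HE_DDNS_KEY_FILE="${HE_DDNS_KEY_FILE:-/etc/letsencrypt/he-ddns.key}"

# dns-01 drops a wildcard's leading "*.", so *.domain.ext and domain.ext
# are both validated at the single name _acme-challenge.domain.ext.
acme_record_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# Accept the key file only if group and other have no access to it.
key_file_is_private() {
    [ -f "$1" ] || return 1
    perms=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$perms" in 600|400) return 0 ;; *) return 1 ;; esac
}

# Emit curl options for `curl -K -`, keeping the key out of argv (and `ps`).
curl_config() {   # $1 = domain, $2 = TXT value, $3 = DDNS key
    case "$3" in ''|*[\"\\]*) return 1 ;; esac   # empty, or would break the quoting
    printf 'url = "%s"\n' "$HE_UPDATE_URL"
    printf 'data-urlencode = "hostname=%s"\n' "$(acme_record_name "$1")"
    printf 'data-urlencode = "password=%s"\n' "$3"
    printf 'data-urlencode = "txt=%s"\n' "$2"
}

push_challenge() {
    key_file_is_private "$HE_DDNS_KEY_FILE" ||
        { echo "refusing key file: need mode 600 or 400" >&2; return 1; }
    IFS= read -r key < "$HE_DDNS_KEY_FILE" || [ -n "$key" ] || return 1
    # No -k: the server certificate is verified before the key is sent.
    curl_config "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" "$key" |
        curl --silent --show-error --fail -K -
}

# Act only when certbot invokes the hook (it sets both variables).
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    push_challenge
fi
```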