Add DNS provider for VinylDNS #1384
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hello, in order for a PR adding a DNS provider to be accepted, you have to:
make test
make test
make generate-dns
rm -rf .lego
./lego -m your@email.com --dns YOUR_PROVIDER_NAME -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory runNote the wildcard domain is important.
make checks
|
The VinylDNS backend has an issue with dotted hostname governance when a SOA record matches one of the requested ACME domains. It will accept the RecordSet changes, but will fail to create them silently in the background. This solution leverages the native lego functions to obtain the SOA in which the RecordSet should be placed rather than assuming it's always needs to use a dotted hostname.
$ ./lego -m user@example.com -a --dns vinyldns -d *.domain.example.com -d domain.example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
2021/04/08 17:51:35 No key found for account user@example.com. Generating a P256 key.
2021/04/08 17:51:35 Saved key to /Users/user/go/src/github.com/go-acme/lego/dist/.lego/accounts/acme-staging-v02.api.letsencrypt.org/user@example.com/keys/user@example.com.key
2021/04/08 17:51:36 [INFO] acme: Registering account for user@example.com
!!!! HEADS UP !!!!
Your account credentials have been saved in your Let's Encrypt
configuration directory at "/Users/user/go/src/github.com/go-acme/lego/dist/.lego/accounts".
You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2021/04/08 17:51:36 [INFO] [*.domain.example.com, domain.example.com] acme: Obtaining bundled SAN certificate
2021/04/08 17:51:36 [INFO] [*.domain.example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/24730502
2021/04/08 17:51:36 [INFO] [domain.example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/24730503
2021/04/08 17:51:36 [INFO] [*.domain.example.com] acme: use dns-01 solver
2021/04/08 17:51:36 [INFO] [domain.example.com] acme: Could not find solver for: tls-alpn-01
2021/04/08 17:51:36 [INFO] [domain.example.com] acme: Could not find solver for: http-01
2021/04/08 17:51:36 [INFO] [domain.example.com] acme: use dns-01 solver
2021/04/08 17:51:36 [INFO] [*.domain.example.com] acme: Preparing to solve DNS-01
2021/04/08 17:51:37 [INFO] Wait for vinyldns [timeout: 2m0s, interval: 4s]
2021/04/08 17:51:41 [INFO] [domain.example.com] acme: Preparing to solve DNS-01
2021/04/08 17:51:42 [INFO] Wait for vinyldns [timeout: 2m0s, interval: 4s]
2021/04/08 17:51:46 [INFO] [*.domain.example.com] acme: Trying to solve DNS-01
2021/04/08 17:51:46 [INFO] [*.domain.example.com] acme: Checking DNS record propagation using [8.8.8.8:53 8.8.4.4:53]
2021/04/08 17:51:50 [INFO] Wait for propagation [timeout: 2m0s, interval: 4s]
2021/04/08 17:51:50 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:51:54 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:51:58 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:03 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:07 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:11 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:15 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:19 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:23 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:27 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:31 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:36 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:40 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:44 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:48 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:52 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:52:56 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:53:00 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:53:04 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:53:09 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:53:13 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:53:17 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:53:21 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:53:25 [INFO] [*.domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:53:36 [INFO] [*.domain.example.com] The server validated our request
2021/04/08 17:53:36 [INFO] [domain.example.com] acme: Trying to solve DNS-01
2021/04/08 17:53:36 [INFO] [domain.example.com] acme: Checking DNS record propagation using [8.8.8.8:53 8.8.4.4:53]
2021/04/08 17:53:40 [INFO] Wait for propagation [timeout: 2m0s, interval: 4s]
2021/04/08 17:53:50 [INFO] [domain.example.com] acme: Waiting for DNS record propagation.
2021/04/08 17:54:02 [INFO] [domain.example.com] The server validated our request
2021/04/08 17:54:02 [INFO] [*.domain.example.com] acme: Cleaning DNS-01 challenge
2021/04/08 17:54:02 [INFO] Wait for vinyldns [timeout: 2m0s, interval: 4s]
2021/04/08 17:54:07 [INFO] [domain.example.com] acme: Cleaning DNS-01 challenge
2021/04/08 17:54:07 [INFO] Wait for vinyldns [timeout: 2m0s, interval: 4s]
2021/04/08 17:54:11 [INFO] [*.domain.example.com, domain.example.com] acme: Validations succeeded; requesting certificates
2021/04/08 17:54:11 [INFO] [*.domain.example.com] Server responded with a certificate. |
|
When building out this provider, I did use the Route53 provider as a reference for design homogeny. |
ldez
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds DNS-01 provider support for VinylDNS. VinylDNS is an open-source abstraction and governance DNS provider that leverages rfc2136 DNS backends such as BIND.