LetsEncrypt Wildcards (Ubuntu 18.04)
Noch in Bearbeitung
rfc2136
Installation
sudo apt-get install -y certbot python-certbot-apache python3-certbot-dns-rfc2136
Konfiguration
PowerDNS
sudo vi /etc/powerdns/pdns.conf
dnsupdate=yes allow-dnsupdate-from=
Datenbank
insert into domainmetadata(domain_id, kind, content) values(5, ‘SOA-EDIT-DNSUPDATE’,’INCREASE’);
dnssec-keygen -a HMAC-MD5 -b 128 -n ZONE example.com.
insert into tsigkeys (name, algorithm, secret) values ('dhcpdupdate', 'hmac-md5', 'FYhvwsW1ZtFZqWzsMpqhbg==');
sql> select id from domains where name='example.org'; 5 sql> insert into domainmetadata (domain_id, kind, content) values (5, 'TSIG-ALLOW-DNSUPDATE', 'dhcpdupdate');
sql> select id from domains where name='1.168.192.in-addr.arpa'; 6 sql> insert into domainmetadata (domain_id, kind, content) values (6, 'TSIG-ALLOW-DNSUPDATE', 'dhcpdupdate');
Links
https://certbot.eff.org/lets-encrypt/debianbuster-apache
Certbot
sudo mkdir /opt/certbot sudo vi /opt/certbot/rfc2136.ini
# Target DNS server dns_rfc2136_server = 127.0.0.1 # Target DNS port dns_rfc2136_port = 53 # TSIG key name dns_rfc2136_name = keyname. # TSIG key secret dns_rfc2136_secret = 4q4wM/2I180UXoMyN4INVhJNi8V9BCV+jMw2mXgZw/CSuxUT8C7NKKFs AmKd7ak51vWKgSl12ib86oQRPkpDjg== # TSIG key algorithm dns_rfc2136_algorithm = HMAC-SHA512
certbot certonly \ --dns-rfc2136 \ --dns-rfc2136-credentials /opt/certbot/rfc2136.ini \ -d example.com
Links
https://certbot-dns-rfc2136.readthedocs.io/en/stable/
Links Allgemein
https://bbs.archlinux.org/viewtopic.php?id=240847
https://doc.powerdns.com/authoritative/dnsupdate.html
https://wiki.archlinux.org/index.php/Certbot
Docker
Um das certbot/dns-nsone-Image zu benützen, folgenden Befehl ausführen:
sudo docker run -it --rm --name certbot \ -v "/etc/letsencrypt:/etc/letsencrypt" \ -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \ certbot/dns-nsone certonly
Links
https://certbot.eff.org/docs/install.html#running-with-docker
https://hub.docker.com/u/certbot
https://medium.com/faun/docker-letsencrypt-dns-validation-75ba8c08a0d
Zurück zu LetsEncrypt