LetsEncrypt Wildcards (Ubuntu 18.04)

Aus Tutorials
Zur Navigation springen Zur Suche springen

Noch in Bearbeitung


rfc2136

Installation

sudo apt-get install -y certbot python-certbot-apache python3-certbot-dns-rfc2136

Konfiguration

PowerDNS

sudo vi /etc/powerdns/pdns.conf
dnsupdate=yes
allow-dnsupdate-from=
Datenbank
insert into domainmetadata(domain_id, kind, content) values(5, ‘SOA-EDIT-DNSUPDATE’,’INCREASE’);


dnssec-keygen -a HMAC-MD5 -b 128 -n ZONE example.com.
insert into tsigkeys (name, algorithm, secret) values ('dhcpdupdate', 'hmac-md5', 'FYhvwsW1ZtFZqWzsMpqhbg==');
sql> select id from domains where name='example.org';
5
sql> insert into domainmetadata (domain_id, kind, content) values (5, 'TSIG-ALLOW-DNSUPDATE', 'dhcpdupdate');


sql> select id from domains where name='1.168.192.in-addr.arpa';
6
sql> insert into domainmetadata (domain_id, kind, content) values (6, 'TSIG-ALLOW-DNSUPDATE', 'dhcpdupdate');
Links

https://certbot.eff.org/lets-encrypt/debianbuster-apache

Certbot

sudo mkdir /opt/certbot
sudo vi /opt/certbot/rfc2136.ini


# Target DNS server
dns_rfc2136_server = 127.0.0.1
# Target DNS port
dns_rfc2136_port = 53
# TSIG key name
dns_rfc2136_name = keyname.
# TSIG key secret
dns_rfc2136_secret = 4q4wM/2I180UXoMyN4INVhJNi8V9BCV+jMw2mXgZw/CSuxUT8C7NKKFs AmKd7ak51vWKgSl12ib86oQRPkpDjg==
# TSIG key algorithm
dns_rfc2136_algorithm = HMAC-SHA512
certbot certonly \
  --dns-rfc2136 \
  --dns-rfc2136-credentials /opt/certbot/rfc2136.ini \
  -d example.com
Links

https://certbot-dns-rfc2136.readthedocs.io/en/stable/

Links Allgemein

https://bbs.archlinux.org/viewtopic.php?id=240847

https://doc.powerdns.com/authoritative/dnsupdate.html

https://wiki.archlinux.org/index.php/Certbot

Docker

Um das certbot/dns-nsone-Image zu benützen, folgenden Befehl ausführen:

sudo docker run -it --rm --name certbot \
            -v "/etc/letsencrypt:/etc/letsencrypt" \
            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
            certbot/dns-nsone certonly

Links

https://certbot.eff.org/docs/install.html#running-with-docker

https://hub.docker.com/u/certbot

https://medium.com/faun/docker-letsencrypt-dns-validation-75ba8c08a0d


Zurück zu LetsEncrypt