Feature Request: Other challenge types (e.g. DNS-01) #31
Comments
Thanks for asking! I would love to see this happen, but I don't have the capacity to work on this myself, other than reviewing design & implementation. I feel that the most challenging part is indeed supporting different providers. I agree that behaviour is the way to go, and we should start by choosing a single provider. If we can make that work, the wider community can contribute other providers. It would be great if we could keep local-development & testing friendliness, i.e. if it would be easy to run a dns certification locally without talking to a remote dns server. I currently don't know what this requires in practice though. I'm pretty short on time these days, but if you're interested in giving this a try, I'll try to make some room for discussing possible approaches.
I'd be willing to give it a shot, but probably won't have time for about a month (depending on the effort involved).
I could also provide a CloudFlare provider behaviour implementation relatively easily. It looks like DNSimple also has an official Elixir client as well.
I have no idea what would be required for the local DNS testing either... Also, I personally just recently (manually) scratched this itch in the meantime by finding out that there are docker containers for a bunch of different DNS providers, like this certbot/dns-cloudflare:

```sh
docker run -it --rm --name certbot \
  -v "/etc/letsencrypt:/etc/letsencrypt" \
  -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
  certbot/dns-cloudflare certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials /path/to/cloudflare.ini \
  -d local.mysite.com
```

I needed this to test in local dev working with S3 presigned URLs with customer provided encryption keys (AWS requires https in this case but also didn't like my self-signed certs)
Well, of course there is an erlang DNS server https://github.com/dnsimple/erldns 😄 https://hex.pm/packages/erldns

```erlang
%% Load a zone into erldns' in-memory cache: one A record and one CNAME.
erldns_zone_cache:put_zone({
  <<"example.com">>, [
    #dns_rr{
      name = <<"example.com">>,
      type = ?DNS_TYPE_A,
      ttl = 3600,
      data = #dns_rrdata_a{ip = {1,2,3,4}}
    },
    #dns_rr{
      name = <<"www.example.com">>,
      type = ?DNS_TYPE_CNAME,
      ttl = 3600,
      data = #dns_rrdata_cname{dname = <<"example.com">>}
    }
  ]}).
```

plus something like http://erlang.org/doc/man/inet_res.html And if we really needed more than that, maybe a tool like
@sasa1977 We could really use something like this at work, so I might be able to dedicate some time to this now.
How much effort do you think would be required to make the challenge type configurable, so we could use DNS-01 challenges? https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
And in that case maybe we could provide our own modules that implement a behaviour, which would probably be needed.
Maybe something that looks similar to:
And the community could easily contribute modules for different DNS provider APIs: https://community.letsencrypt.org/t/dns-providers-who-easily-integrate-with-lets-encrypt-dns-validation/86438
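As an added example (not code from the project or from anyone in this thread), here is one shape the provider behaviour discussed above could take, together with an in-memory provider that stands in for a real DNS API so the DNS-01 flow can be exercised locally without touching a remote DNS server. The module names `Dns01.Provider`, `Dns01.Challenge` and `Dns01.Provider.Local`, the callback names, and the sample token and thumbprint values are all assumptions; the record name and value computation follow the DNS-01 definition in RFC 8555 section 8.4.

```elixir
# Added example, not code from site_encrypt or any commenter in this thread.
# Module/function names are assumptions; only the DNS-01 record format is from RFC 8555.

defmodule Dns01.Provider do
  @moduledoc """
  Behaviour a DNS provider module implements so the ACME client can publish and
  later remove the `_acme-challenge` TXT record for a DNS-01 challenge.
  """

  @doc "Create (or update) the TXT record; return :ok once the provider accepted it."
  @callback put_txt(name :: String.t(), value :: String.t(), opts :: keyword) :: :ok | {:error, term}

  @doc "Remove the TXT record after validation so stale challenge tokens don't accumulate."
  @callback delete_txt(name :: String.t(), value :: String.t(), opts :: keyword) :: :ok | {:error, term}
end

defmodule Dns01.Challenge do
  @moduledoc """
  Pure helpers for the DNS-01 challenge: the record name is `_acme-challenge.<domain>`
  and the TXT value is the base64url-encoded SHA-256 digest of the key authorization
  (`<token>.<JWK thumbprint>`). Only the digest is published, never the key authorization.
  """

  def record_name(domain), do: "_acme-challenge." <> String.trim_trailing(domain, ".")

  def record_value(token, jwk_thumbprint) do
    key_authorization = token <> "." <> jwk_thumbprint
    Base.url_encode64(:crypto.hash(:sha256, key_authorization), padding: false)
  end

  @doc """
  Publishes the record through `provider`, runs `validate` (the caller's poll of the
  ACME server) and always removes the record afterwards, even if validation raises.
  """
  def with_record(provider, domain, token, thumbprint, validate, opts \\ []) do
    name = record_name(domain)
    value = record_value(token, thumbprint)

    with :ok <- provider.put_txt(name, value, opts) do
      try do
        validate.(name, value)
      after
        # A cleanup failure is logged rather than raised; the validation result is what matters.
        case provider.delete_txt(name, value, opts) do
          :ok -> :ok
          {:error, reason} -> IO.warn("could not remove #{name}: #{inspect(reason)}")
        end
      end
    end
  end
end

defmodule Dns01.Provider.Local do
  @moduledoc """
  In-memory provider for local development and tests. Records live in an Agent and
  `lookup_txt/1` plays the part of the resolver the ACME server would query.
  """
  @behaviour Dns01.Provider

  def start_link(_opts \\ []), do: Agent.start_link(fn -> %{} end, name: __MODULE__)

  @impl true
  def put_txt(name, value, _opts) do
    Agent.update(__MODULE__, &Map.update(&1, name, [value], fn vs -> Enum.uniq([value | vs]) end))
  end

  @impl true
  def delete_txt(name, value, _opts) do
    Agent.update(__MODULE__, fn zone ->
      case List.delete(Map.get(zone, name, []), value) do
        [] -> Map.delete(zone, name)
        rest -> Map.put(zone, name, rest)
      end
    end)
  end

  def lookup_txt(name), do: Agent.get(__MODULE__, &Map.get(&1, name, []))
end

# Usage with constructed sample values (a real token and thumbprint come from the ACME order/account).
{:ok, _} = Dns01.Provider.Local.start_link()

result =
  Dns01.Challenge.with_record(Dns01.Provider.Local, "local.mysite.com", "sample-token",
    "sample-thumbprint", fn name, value ->
      # A real validate/2 would poll the ACME server; here we read the fake zone directly.
      if value in Dns01.Provider.Local.lookup_txt(name), do: :valid, else: :invalid
    end)

:valid = result
# The record is gone again once the challenge has been answered.
[] = Dns01.Provider.Local.lookup_txt("_acme-challenge.local.mysite.com")
```

A provider backed by a real API (Cloudflare, DNSimple, or any of the others in the linked list) only has to implement the two callbacks; the challenge logic and the cleanup-on-exit stay provider-agnostic. The same `Dns01.Provider.Local` zone map is what a local erldns instance or a stub resolver would be seeded with for end-to-end testing, and keeping `delete_txt/3` in an `after` clause is what stops abandoned `_acme-challenge` records from piling up in the zone when validation fails.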