Add example for using DNS-01 challenge #48

Closed
opened 2025-12-29 00:23:25 +01:00 by adam · 9 comments

Originally created by @jmreicha on GitHub (Jan 31, 2016).

I am new to LE in general and while the description for using the challenge type is nice, it would be helpful to someone new to have an example usage.

adam closed this issue 2025-12-29 00:23:25 +01:00

@germeier commented on GitHub (Jan 31, 2016):

My example from my initial PR: https://github.com/germeier/letsencrypt.sh/blob/b6611a7d05c0171db01a5dd904fb0da052d753b8/hook-dns-01.sh.example

I still think an examples section in the wiki would come in handy.

@lukas2511 commented on GitHub (Jan 31, 2016):

@germeier the wiki is now writable (again), if you want you can add some examples


@germeier commented on GitHub (Jan 31, 2016):

Added my example script to the wiki: https://github.com/lukas2511/letsencrypt.sh/wiki/Example-hook-script-using-dns-01-with-nsupdate


@jmreicha commented on GitHub (Jan 31, 2016):

Nice, thanks. Maybe this can get a link in the readme?


@asimihsan commented on GitHub (Feb 1, 2016):

I've successfully used the following hook script to do the DNS challenge on Route53:

https://gist.github.com/asimihsan/d8d8f0f10bdc85fc6f8a

The idea is simple: you need to add the token as a TXT record to `_acme-challenge.#{domain}.`. However, a) this code isn't refactored very well, and b) on lines 19 and 45 you get the hosted zone with the name the same as the requested domain. Hence it won't work as-is if you request e.g. `sub.domain.com`, since you need to search for `domain.com`.

If you think this script is useful I can refactor it and make it more resilient to work as-is for subdomains.
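
The subdomain problem described in the comment above, as an added example that is not part of the gist or of letsencrypt.sh: a hook has to pick the most specific hosted zone whose name is a label-aligned suffix of the challenge record, not the zone named exactly like the requested domain. The zone list, `find_zone`, `challenge_record` and `plan_change` are hypothetical names and constructed data; the sketch prints the change instead of calling a DNS provider.

```shell
#!/usr/bin/env bash
# Added example: choose the hosted zone for a dns-01 challenge record.

# Constructed sample: zone names as a DNS provider API might list them.
ZONES="domain.com. internal.domain.com. otherdomain.com."

# Name of the TXT record for a requested certificate name.
challenge_record() {
    local domain="${1%.}"            # tolerate a trailing dot on input
    printf '_acme-challenge.%s.\n' "$domain"
}

# Print the most specific zone in $ZONES that contains $1, or return 1.
find_zone() {
    local name="${1%.}." best="" zone
    name="$(printf '%s' "$name" | tr 'A-Z' 'a-z')"   # DNS names are case-insensitive
    for zone in $ZONES; do
        # Match the zone itself, or a suffix that starts at a label boundary,
        # so a name under "myotherdomain.com." never lands in "domain.com.".
        if [ "$name" = "$zone" ] || [ "${name%".$zone"}" != "$name" ]; then
            if [ "${#zone}" -gt "${#best}" ]; then
                best="$zone"
            fi
        fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# The hook is invoked as:
#   <hook> deploy_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
# For dns-01, TOKEN_VALUE is the content of the TXT record.
plan_change() {
    local record zone
    record="$(challenge_record "$1")"
    zone="$(find_zone "$record")" || { echo "no hosted zone for $1" >&2; return 1; }
    printf '%s %s TXT "%s"\n' "$zone" "$record" "$3"
}

case "${1:-}" in
    deploy_challenge) shift; plan_change "$@" ;;
esac
```

Failing when no zone matches keeps the hook from writing the challenge record into a zone the account controls but the requested name does not belong to.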

@lukas2511 commented on GitHub (Feb 1, 2016):

Added a wiki page with links to those examples: https://github.com/lukas2511/letsencrypt.sh/wiki/Examples-for-DNS-01-hooks


@AnalogJ commented on GitHub (Feb 5, 2016):

Hey @lukas2511,
I created a simple library called [lexicon](https://github.com/AnalogJ/lexicon) that lets you manipulate DNS records on various cloud DNS providers in a standardized way. It was built specifically for use with letsencrypt.sh and has an example [cloudflare dns-01 hook file](https://github.com/AnalogJ/lexicon/blob/master/examples/letsencrypt.cloudflare.sh) based off of @germeier's work. To use a different provider all you need to do is change 1 line in the example hook file.

```
python cli.py cloudflare create www.example.com TXT \
--name "_acme-challenge.www.example.com." --content "challenge token"
```

Currently it only supports Cloudflare and PointHQ, but I'm happy to merge PR's for additional providers.

Thanks for letsencrypt.sh btw, I'm a huge fan.

@YasharF commented on GitHub (Nov 1, 2016):

Did lexicon or other integration for automating dns-01 challenge get added at some point?


@AnalogJ commented on GitHub (Nov 3, 2016):

Hey @YasharF
It doesn't require any changes to `dehydrated` to support automated dns-01 challenges, just a hook file that calls `lexicon`.

I wrote a [blog post](http://blog.thesparktree.com/post/138999997429/generating-intranet-and-private-network-ssl) which fully explains how to get `lexicon` to work with `dehydrated` (though it's a bit outdated now). The `lexicon` repo includes an up-to-date [Dockerfile](https://github.com/AnalogJ/lexicon/blob/master/Dockerfile) which installs `dehydrated`, and configures both correctly. If you still need help feel free to open an issue in the [lexicon repo](https://github.com/AnalogJ/lexicon)
Reference: starred/dehydrated#48