Simplified DNS server with a convenient HTTP API for handling ACME DNS authentication in large environments or in environments with DNS servers that lack an API.
Problems ACME-DNS is addressing
-------------------------------------------------
**Enabling ACME DNS authentication for domains hosted in an environment without a convenient API**
Many DNS servers don't provide a good enough API for this kind of record management, or their support for it is finicky or experimental.
**Making automated DNS-authenticated renewal more secure**
Traditional DNS servers and services that have a good API are simply not designed around this kind of need, and using them would require leaving your API credentials lying around on every box that uses them. A compromise of any one of those boxes would completely compromise your whole zone, and possibly more (for example your email, through the MX record).
Self-hosted or as a service?
--------------------------------------
ACME-DNS is open source with an appropriate license, and you are encouraged to host an instance yourself. If, however, you would like to use it as a service, we're hosting.
Features
------------
* Simplified DNS server, serving your ACME DNS challenges (TXT)
* Custom records (have your required A, AAAA, NS, whatever records served)
* HTTP API automatically gets and uses a Let's Encrypt certificate
* Written in Go, so super simple deployment
* Easy configuration
* Supports SQLite & PostgreSQL
How does it work?
--------------------------
**1) Register an account**
Sounds fancier than it is; it basically means: do a GET request and receive credentials and your unique subdomain.
- "username" - Your username; send this in the "X-Api-User" HTTP header with update requests
- "password" - Your password; send this in the "X-Api-Key" HTTP header with update requests
- "subdomain" - Your subdomain, provided to make crafting the update request data easier
**2) Point your _acme-challenge.example.org magic subdomain CNAME to the "fulldomain" received from the registration above.**
This has to be done only once, when setting the domain up for the first time.
Here, if I wanted to get a certificate for the domain "my.example.org", I would create a CNAME record "_acme-challenge.my.example.org" in the zone "example.org" pointing to the fulldomain I received earlier, like this:
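
The two steps above as an added Python example (not part of the original page or the ACME-DNS code base): it parses a constructed registration response, derives the one-time CNAME record, and builds the update request carrying the two headers. Assumptions: the `/update` path, the JSON body with `subdomain` and `txt`, the host `auth.example.net`, and that "fulldomain" is the issued subdomain under the server's own domain.

```python
import json
import urllib.request

# Constructed sample response; the field names are the ones the page quotes,
# every value is made up.
SAMPLE_REGISTRATION = json.dumps({
    "username": "c36f50e8-4632-44f0-83fe-e070fef28a10",
    "password": "constructed-sample-password",
    "subdomain": "8e5700ea-a4bf-41c7-8a77-e990661dcc6a",
    "fulldomain": "8e5700ea-a4bf-41c7-8a77-e990661dcc6a.auth.example.net",
})
REQUIRED = ("username", "password", "subdomain", "fulldomain")


def parse_registration(body):
    """Parse the registration JSON; reject incomplete or inconsistent data."""
    reg = json.loads(body)
    missing = [k for k in REQUIRED if not reg.get(k)]
    if missing:
        raise ValueError("registration response lacks: " + ", ".join(missing))
    # Assumption: fulldomain is the issued subdomain under the server's domain.
    # If it is not, the CNAME would delegate to a name these credentials
    # cannot update.
    if not reg["fulldomain"].startswith(reg["subdomain"] + "."):
        raise ValueError("fulldomain is not under the issued subdomain")
    return reg


def cname_record(cert_domain, zone, reg):
    """Zone-file line delegating _acme-challenge.<cert_domain> to fulldomain."""
    if cert_domain != zone and not cert_domain.endswith("." + zone):
        raise ValueError(f"{cert_domain} is not inside zone {zone}")
    owner = "_acme-challenge." + cert_domain
    relative = owner[: -len(zone) - 1]  # owner name relative to the zone apex
    return f"{relative} IN CNAME {reg['fulldomain']}."


def update_request(api_base, reg, txt):
    """Build (do not send) a TXT update. Path and body shape are assumptions."""
    body = json.dumps({"subdomain": reg["subdomain"], "txt": txt}).encode()
    return urllib.request.Request(
        api_base.rstrip("/") + "/update", data=body, method="POST",
        headers={"X-Api-User": reg["username"], "X-Api-Key": reg["password"],
                 "Content-Type": "application/json"})
```

The credentials in the request can only change the TXT record of the one issued subdomain, which is the property the page contrasts with zone-wide API keys.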