2016-11-29 06:15:00 +07:00
[![Build Status ](https://travis-ci.org/joohoi/acme-dns.svg?branch=master )](https://travis-ci.org/joohoi/acme-dns) [![Coverage Status ](https://coveralls.io/repos/github/joohoi/acme-dns/badge.svg?branch=master )](https://coveralls.io/github/joohoi/acme-dns?branch=master) [![Go Report Card ](https://goreportcard.com/badge/github.com/joohoi/acme-dns )](https://goreportcard.com/report/github.com/joohoi/acme-dns)
2016-11-29 05:39:46 +07:00
# acme-dns
2016-11-14 21:55:27 +07:00
2016-11-29 05:39:46 +07:00
A simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges.
2016-11-14 21:55:27 +07:00
2016-11-29 05:39:46 +07:00
## Why?
2016-11-14 21:55:27 +07:00
2016-12-02 22:44:58 +07:00
Many DNS servers do not provide an API to enable automation for the ACME DNS challenges. Those which do, give the keys way too much power.
Leaving the keys laying around your random boxes is too often a requirement to have a meaningful process automation.
2016-11-14 21:55:27 +07:00
2018-06-05 15:42:16 +07:00
Acme-dns provides a simple API exclusively for TXT record updates and should be used with ACME magic "\_acme-challenge" - subdomain CNAME records. This way, in the unfortunate exposure of API keys, the effects are limited to the subdomain TXT record in question.
2016-12-03 16:33:43 +07:00
2018-06-05 15:50:42 +07:00
So basically it boils down to **accessibility** and **security** .
2016-11-14 21:55:27 +07:00
2020-01-09 01:40:37 +07:00
For longer explanation of the underlying issue and other proposed solutions, see a blog post on the topic from EFF deeplinks blog: https://www.eff.org/deeplinks/2018/02/technical-deep-dive-securing-automation-acme-dns-challenge-validation
2016-11-29 05:39:46 +07:00
## Features
2016-11-29 05:43:24 +07:00
- Simplified DNS server, serving your ACME DNS challenges (TXT)
- Custom records (have your required A, AAAA, NS, etc. records served)
- HTTP API automatically acquires and uses Let's Encrypt TLS certificate
2016-12-03 16:33:43 +07:00
- Limit /update API endpoint access to specific CIDR mask(s), defined in the /register request
2016-11-29 05:43:24 +07:00
- Supports SQLite & PostgreSQL as DB backends
2018-01-22 17:47:26 +07:00
- Rolling update of two TXT records to be able to answer to challenges for certificates that have both names: `yourdomain.tld` and `*.yourdomain.tld` , as both of the challenges point to the same subdomain.
2016-12-03 16:33:43 +07:00
- Simple deployment (it's Go after all)
2016-11-14 21:55:27 +07:00
2016-11-29 06:06:16 +07:00
## Usage
2018-03-15 18:40:45 +07:00
2021-01-11 23:07:22 +07:00
A client application for acme-dns with support for Certbot authentication hooks is available at: [https://github.com/acme-dns/acme-dns-client ](https://github.com/acme-dns/acme-dns-client ).
2018-03-15 18:40:45 +07:00
2016-12-03 20:44:50 +07:00
[![asciicast ](https://asciinema.org/a/94903.png )](https://asciinema.org/a/94903)
2016-11-29 17:48:36 +07:00
2017-01-30 14:32:01 +07:00
Using acme-dns is a three-step process (provided you already have the self-hosted server set up):
2016-11-29 06:06:16 +07:00
2016-12-03 16:33:43 +07:00
- Get credentials and unique subdomain (simple POST request to eg. https://auth.acme-dns.io/register)
2016-11-29 06:06:16 +07:00
- Create a (ACME magic) CNAME record to your existing zone, pointing to the subdomain you got from the registration. (eg. `_acme-challenge.domainiwantcertfor.tld. CNAME a097455b-52cc-4569-90c8-7a4b97c6eba8.auth.example.org` )
2018-06-05 15:50:42 +07:00
- Use your credentials to POST new DNS challenge values to an acme-dns server for the CA to validate from.
2016-11-30 13:26:46 +07:00
- Crontab and forget.
2016-11-29 06:06:16 +07:00
2016-11-29 05:39:46 +07:00
## API
2016-11-14 21:55:27 +07:00
2016-11-29 05:39:46 +07:00
### Register endpoint
2016-11-14 21:59:00 +07:00
2016-11-30 13:26:46 +07:00
The method returns a new unique subdomain and credentials needed to update your record.
2016-12-03 16:33:43 +07:00
Fulldomain is where you can point your own `_acme-challenge` subdomain CNAME record to.
2018-06-05 15:42:16 +07:00
With the credentials, you can update the TXT response in the service to match the challenge token, later referred as \_\_\_validation\_token\_received\_from\_the\_ca\_\_\_, given out by the Certificate Authority.
2016-11-14 21:55:27 +07:00
2018-06-05 15:50:42 +07:00
**Optional:**: You can POST JSON data to limit the `/update` requests to predefined source networks using CIDR notation.
2016-11-14 21:55:27 +07:00
2016-12-03 16:33:43 +07:00
```POST /register```
#### OPTIONAL Example input
```json
{
"allowfrom": [
"192.168.100.1/24",
"1.2.3.4/32",
2017-09-01 13:37:22 +07:00
"2002:c0a8:2a00::0/40"
]
2016-12-03 16:33:43 +07:00
}
```
2016-11-14 21:55:27 +07:00
2016-11-29 05:43:24 +07:00
```Status: 201 Created```
2016-12-03 16:33:43 +07:00
```json
2016-11-29 05:43:24 +07:00
{
2016-12-03 16:33:43 +07:00
"allowfrom": [
"192.168.100.1/24",
2017-09-01 13:37:22 +07:00
"1.2.3.4/32",
"2002:c0a8:2a00::0/40"
2016-12-03 16:33:43 +07:00
],
2016-11-29 05:43:24 +07:00
"fulldomain": "8e5700ea-a4bf-41c7-8a77-e990661dcc6a.auth.acme-dns.io",
"password": "htB9mR9DYgcu9bX_afHF62erXaH2TS7bg9KW3F7Z",
"subdomain": "8e5700ea-a4bf-41c7-8a77-e990661dcc6a",
"username": "c36f50e8-4632-44f0-83fe-e070fef28a10"
}
```
2016-11-14 21:55:27 +07:00
2016-11-29 05:39:46 +07:00
### Update endpoint
2016-11-14 21:55:27 +07:00
2016-11-29 05:43:24 +07:00
The method allows you to update the TXT answer contents of your unique subdomain. Usually carried automatically by automated ACME client.
2016-11-14 21:55:27 +07:00
2016-11-29 05:43:24 +07:00
```POST /update```
2016-11-14 21:55:27 +07:00
2016-11-29 05:43:24 +07:00
#### Required headers
| Header name | Description | Example |
| ------------- |--------------------------------------------|-------------------------------------------------------|
2018-06-05 15:42:16 +07:00
| X-Api-User | UUIDv4 username received from registration | `X-Api-User: c36f50e8-4632-44f0-83fe-e070fef28a10` |
| X-Api-Key | Password received from registration | `X-Api-Key: htB9mR9DYgcu9bX_afHF62erXaH2TS7bg9KW3F7Z` |
2016-11-14 21:55:27 +07:00
2016-11-29 05:43:24 +07:00
#### Example input
2016-12-03 16:33:43 +07:00
```json
2016-11-29 05:43:24 +07:00
{
"subdomain": "8e5700ea-a4bf-41c7-8a77-e990661dcc6a",
2018-06-05 15:42:16 +07:00
"txt": "___validation_token_received_from_the_ca___"
2016-11-29 05:43:24 +07:00
}
```
2016-11-15 04:53:58 +07:00
2016-11-29 05:43:24 +07:00
#### Response
2016-11-15 04:53:58 +07:00
2016-11-29 06:09:38 +07:00
```Status: 200 OK```
```json
2016-11-29 05:43:24 +07:00
{
2018-06-05 15:42:16 +07:00
"txt": "___validation_token_received_from_the_ca___"
2016-11-29 05:43:24 +07:00
}
```
2016-11-15 04:53:58 +07:00
2019-01-26 00:22:53 +07:00
### Health check endpoint
The method can be used to check readiness and/or liveness of the server. It will return status code 200 on success or won't be reachable.
```GET /health```
2016-11-29 05:39:46 +07:00
## Self-hosted
2016-11-15 04:53:58 +07:00
2018-06-05 15:42:16 +07:00
You are encouraged to run your own acme-dns instance, because you are effectively authorizing the acme-dns server to act on your behalf in providing the answer to the challenging CA, making the instance able to request (and get issued) a TLS certificate for the domain that has CNAME pointing to it.
2016-11-15 04:53:58 +07:00
2018-06-05 15:50:42 +07:00
See the INSTALL section for information on how to do this.
2016-11-15 04:53:58 +07:00
2016-11-29 05:39:46 +07:00
## Installation
2016-11-15 04:53:58 +07:00
2019-10-17 18:21:04 +07:00
1) Install [Go 1.13 or newer ](https://golang.org/doc/install ).
2016-11-15 04:53:58 +07:00
2020-01-09 01:40:37 +07:00
2) Build acme-dns:
```
git clone https://github.com/joohoi/acme-dns
cd acme-dns
export GOPATH=/tmp/acme-dns
go build
```
3) Move the built acme-dns binary to a directory in your $PATH, for example:
`sudo mv acme-dns /usr/local/bin`
2016-11-15 04:56:13 +07:00
2020-01-09 01:40:37 +07:00
4) Edit config.cfg to suit your needs (see [configuration ](#configuration )). `acme-dns` will read the configuration file from `/etc/acme-dns/config.cfg` or `./config.cfg` , or a location specified with the `-c` flag.
2016-11-15 04:56:13 +07:00
2020-01-09 01:40:37 +07:00
5) If your system has systemd, you can optionally install acme-dns as a service so that it will start on boot and be tracked by systemd. This also allows us to add the `CAP_NET_BIND_SERVICE` capability so that acme-dns can be run by a user other than root.
2018-05-27 04:08:55 +07:00
1) Make sure that you have moved the configuration file to `/etc/acme-dns/config.cfg` so that acme-dns can access it globally.
2018-06-05 15:50:42 +07:00
2) Move the acme-dns executable from `~/go/bin/acme-dns` to `/usr/local/bin/acme-dns` (Any location will work, just be sure to change `acme-dns.service` to match).
2018-05-27 04:08:55 +07:00
2018-06-05 15:50:42 +07:00
3) Create a minimal acme-dns user: `sudo adduser --system --gecos "acme-dns Service" --disabled-password --group --home /var/lib/acme-dns acme-dns` .
2018-05-27 04:08:55 +07:00
2018-06-05 15:50:42 +07:00
4) Move the systemd service unit from `acme-dns.service` to `/etc/systemd/system/acme-dns.service` .
2018-05-27 04:08:55 +07:00
2018-06-05 15:50:42 +07:00
5) Reload systemd units: `sudo systemctl daemon-reload` .
2018-05-27 04:08:55 +07:00
2018-06-05 15:50:42 +07:00
6) Enable acme-dns on boot: `sudo systemctl enable acme-dns.service` .
2018-05-27 04:08:55 +07:00
2018-06-05 15:50:42 +07:00
7) Run acme-dns: `sudo systemctl start acme-dns.service` .
2018-05-27 04:08:55 +07:00
2020-01-09 01:40:37 +07:00
6) If you did not install the systemd service, run `acme-dns` . Please note that acme-dns needs to open a privileged port (53, domain), so it needs to be run with elevated privileges.
2016-11-24 03:24:59 +07:00
2018-03-23 10:32:56 +07:00
### Using Docker
2018-01-22 17:35:07 +07:00
2018-06-05 15:50:42 +07:00
1) Pull the latest acme-dns Docker image: `docker pull joohoi/acme-dns` .
2018-01-22 17:35:07 +07:00
2) Create directories: `config` for the configuration file, and `data` for the sqlite3 database.
2018-06-05 15:50:42 +07:00
3) Copy [configuration template ](https://raw.githubusercontent.com/joohoi/acme-dns/master/config.cfg ) to `config/config.cfg` .
2018-01-22 17:35:07 +07:00
2018-06-05 15:50:42 +07:00
4) Modify the `config.cfg` to suit your needs.
2018-01-22 17:35:07 +07:00
2018-06-05 15:50:42 +07:00
5) Run Docker, this example expects that you have `port = "80"` in your `config.cfg` :
2018-01-22 17:35:07 +07:00
```
docker run --rm --name acmedns \
-p 53:53 \
2018-12-13 17:19:10 +07:00
-p 53:53/udp \
2018-01-22 17:35:07 +07:00
-p 80:80 \
-v /path/to/your/config:/etc/acme-dns:ro \
-v /path/to/your/data:/var/lib/acme-dns \
-d joohoi/acme-dns
```
2018-03-23 10:32:56 +07:00
### Docker Compose
2018-01-22 17:35:07 +07:00
1) Create directories: `config` for the configuration file, and `data` for the sqlite3 database.
2018-06-05 15:50:42 +07:00
2) Copy [configuration template ](https://raw.githubusercontent.com/joohoi/acme-dns/master/config.cfg ) to `config/config.cfg` .
2018-01-22 17:35:07 +07:00
3) Copy [docker-compose.yml from the project ](https://raw.githubusercontent.com/joohoi/acme-dns/master/docker-compose.yml ), or create your own.
2018-06-05 15:50:42 +07:00
4) Edit the `config/config.cfg` and `docker-compose.yml` to suit your needs, and run `docker-compose up -d` .
2016-11-15 04:53:58 +07:00
2018-03-23 10:32:56 +07:00
## DNS Records
Note: In this documentation:
2018-09-28 04:33:51 +07:00
- `auth.example.org` is the hostname of the acme-dns server
- acme-dns will serve `*.auth.example.org` records
2018-03-23 10:32:56 +07:00
- `198.51.100.1` is the **public** IP address of the system running acme-dns
These values should be changed based on your environment.
You will need to add some DNS records on your domain's regular DNS server:
2018-09-28 04:33:51 +07:00
- `NS` record for `auth.example.org` pointing to `auth.example.org` (this means, that `auth.example.org` is responsible for any `*.auth.example.org` records)
- `A` record for `auth.example.org` pointing to `198.51.100.1`
2018-06-05 15:50:42 +07:00
- If using IPv6, an `AAAA` record pointing to the IPv6 address.
- Each domain you will be authenticating will need a `_acme-challenge` `CNAME` subdomain added. The [client ](README.md#clients ) you use will explain how to do this.
2018-03-23 10:32:56 +07:00
## Testing It Out
You may want to test that acme-dns is working before using it for real queries.
2018-09-28 04:33:51 +07:00
1) Confirm that DNS lookups for the acme-dns subdomain works as expected: `dig auth.example.org` .
2018-03-23 10:32:56 +07:00
2) Call the `/register` API endpoint to register a test domain:
```
2021-01-11 19:50:48 +07:00
$ curl -X POST https://auth.example.org/register
2018-09-28 04:33:51 +07:00
{"username":"eabcdb41-d89f-4580-826f-3e62e9755ef2","password":"pbAXVjlIOE01xbut7YnAbkhMQIkcwoHO0ek2j4Q0","fulldomain":"d420c923-bbd7-4056-ab64-c3ca54c9b3cf.auth.example.org","subdomain":"d420c923-bbd7-4056-ab64-c3ca54c9b3cf","allowfrom":[]}
2018-03-23 10:32:56 +07:00
```
3) Call the `/update` API endpoint to set a test TXT record. Pass the `username` , `password` and `subdomain` received from the `register` call performed above:
```
$ curl -X POST \
-H "X-Api-User: eabcdb41-d89f-4580-826f-3e62e9755ef2" \
-H "X-Api-Key: pbAXVjlIOE01xbut7YnAbkhMQIkcwoHO0ek2j4Q0" \
2018-06-05 15:42:16 +07:00
-d '{"subdomain": "d420c923-bbd7-4056-ab64-c3ca54c9b3cf", "txt": "___validation_token_received_from_the_ca___"}' \
2021-01-11 19:50:48 +07:00
https://auth.example.org/update
2018-03-23 10:32:56 +07:00
```
Note: The `txt` field must be exactly 43 characters long, otherwise acme-dns will reject it
2019-01-20 23:23:07 +07:00
4) Perform a DNS lookup to the test subdomain to confirm the updated TXT record is being served:
2018-03-23 10:32:56 +07:00
```
2019-01-20 23:23:07 +07:00
$ dig -t txt @auth .example.org d420c923-bbd7-4056-ab64-c3ca54c9b3cf.auth.example.org
2018-03-23 10:32:56 +07:00
```
2016-11-29 05:39:46 +07:00
## Configuration
2016-11-15 04:53:58 +07:00
2016-11-29 06:09:38 +07:00
```bash
2016-11-29 05:39:46 +07:00
[general]
2018-10-31 05:54:51 +07:00
# DNS interface. Note that systemd-resolved may reserve port 53 on 127.0.0.53
# In this case acme-dns will error out and you will need to define the listening interface
# for example: listen = "127.0.0.1:53"
2019-10-21 02:52:19 +07:00
listen = "127.0.0.1:53"
2018-12-13 17:19:10 +07:00
# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
protocol = "both"
2018-05-14 17:42:39 +07:00
# domain name to serve the requests off of
2016-11-29 05:39:46 +07:00
domain = "auth.example.org"
2018-05-14 17:42:39 +07:00
# zone name server
2018-09-28 03:58:37 +07:00
nsname = "auth.example.org"
2016-11-30 13:26:46 +07:00
# admin email address, where @ is substituted with .
2016-11-29 05:39:46 +07:00
nsadmin = "admin.example.org"
2016-11-30 13:26:46 +07:00
# predefined records served in addition to the TXT
2016-11-29 05:39:46 +07:00
records = [
2019-10-21 02:52:19 +07:00
# domain pointing to the public IP of your acme-dns server
2018-09-28 04:33:51 +07:00
"auth.example.org. A 198.51.100.1",
2018-09-28 03:58:37 +07:00
# specify that auth.example.org will resolve any *.auth.example.org records
"auth.example.org. NS auth.example.org.",
2016-11-29 05:39:46 +07:00
]
# debug messages from CORS etc
debug = false
2016-11-15 04:53:58 +07:00
2016-11-29 05:39:46 +07:00
[database]
# Database engine to use, sqlite3 or postgres
engine = "sqlite3"
# Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
2019-10-21 02:52:19 +07:00
# Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
2018-09-28 15:40:50 +07:00
connection = "/var/lib/acme-dns/acme-dns.db"
2016-11-29 05:39:46 +07:00
# connection = "postgres://user:password@localhost/acmedns_db"
[api]
2019-10-21 02:52:19 +07:00
# listen ip eg. 127.0.0.1
ip = "0.0.0.0"
2018-03-15 04:35:39 +07:00
# disable registration endpoint
disable_registration = false
2016-11-29 05:39:46 +07:00
# listen port, eg. 443 for default HTTPS
2019-10-21 02:52:19 +07:00
port = "443"
# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
tls = "letsencryptstaging"
2016-11-29 05:39:46 +07:00
# only used if tls = "cert"
tls_cert_privkey = "/etc/tls/example.org/privkey.pem"
tls_cert_fullchain = "/etc/tls/example.org/fullchain.pem"
2018-05-14 17:42:39 +07:00
# only used if tls = "letsencrypt"
acme_cache_dir = "api-certs"
2021-01-11 19:35:54 +07:00
# optional e-mail address to which Let's Encrypt will send expiration notices for the API's cert
notification_email = ""
2016-11-29 05:39:46 +07:00
# CORS AllowOrigins, wildcards can be used
corsorigins = [
"*"
]
2018-09-28 03:51:31 +07:00
# use HTTP header to get the client ip
use_header = false
# header name to pull the ip address / list of ip addresses from
header_name = "X-Forwarded-For"
2016-11-29 05:39:46 +07:00
[logconfig]
# logging level: "error", "warning", "info" or "debug"
loglevel = "debug"
# possible values: stdout, TODO file & integrations
logtype = "stdout"
# file path for logfile TODO
# logfile = "./acme-dns.log"
2018-05-14 17:42:39 +07:00
# format, either "json" or "text"
2016-11-29 05:39:46 +07:00
logformat = "text"
```
2016-11-15 04:53:58 +07:00
2019-06-12 19:42:23 +07:00
## HTTPS API
The RESTful acme-dns API can be exposed over HTTPS in two ways:
1. Using `tls = "letsencrypt"` and letting acme-dns issue its own certificate
automatically with Let's Encrypt.
1. Using `tls = "cert"` and providing your own HTTPS certificate chain and
private key with `tls_cert_fullchain` and `tls_cert_privkey` .
Where possible the first option is recommended. This is the easiest and safest
way to have acme-dns expose its API over HTTPS.
**Warning**: If you choose to use `tls = "cert"` you must take care that the
certificate *does not expire* ! If it does and the ACME client you use to issue the
certificate depends on the ACME DNS API to update TXT records you will be stuck
in a position where the API certificate has expired but it can't be renewed
because the ACME client will refuse to connect to the ACME DNS API it needs to
use for the renewal.
2018-03-20 19:56:14 +07:00
## Clients
2018-03-15 18:40:45 +07:00
2018-04-08 16:51:06 +07:00
- acme.sh: [https://github.com/Neilpang/acme.sh ](https://github.com/Neilpang/acme.sh )
2018-12-18 16:05:02 +07:00
- Certify The Web: [https://github.com/webprofusion/certify ](https://github.com/webprofusion/certify )
2018-10-31 06:13:10 +07:00
- cert-manager: [https://github.com/jetstack/cert-manager ](https://github.com/jetstack/cert-manager )
2018-07-10 04:28:53 +07:00
- Lego: [https://github.com/xenolf/lego ](https://github.com/xenolf/lego )
2018-05-03 03:15:50 +07:00
- Posh-ACME: [https://github.com/rmbolger/Posh-ACME ](https://github.com/rmbolger/Posh-ACME )
2018-04-24 18:17:59 +07:00
- Sewer: [https://github.com/komuw/sewer ](https://github.com/komuw/sewer )
2018-10-31 06:13:10 +07:00
- Traefik: [https://github.com/containous/traefik ](https://github.com/containous/traefik )
2020-02-11 00:27:16 +07:00
- Windows ACME Simple (WACS): [https://www.win-acme.com ](https://www.win-acme.com )
2018-04-08 16:51:06 +07:00
2018-03-20 19:56:14 +07:00
### Authentication hooks
2021-01-11 23:07:22 +07:00
- acme-dns-client with Certbot authentication hook: [https://github.com/acme-dns/acme-dns-client ](https://github.com/acme-dns/acme-dns-client )
2018-04-08 16:51:06 +07:00
- Certbot authentication hook in Python: [https://github.com/joohoi/acme-dns-certbot-joohoi ](https://github.com/joohoi/acme-dns-certbot-joohoi )
2018-05-14 17:42:39 +07:00
- Certbot authentication hook in Go: [https://github.com/koesie10/acme-dns-certbot-hook ](https://github.com/koesie10/acme-dns-certbot-hook )
2018-03-20 19:56:14 +07:00
### Libraries
- Generic client library in Python ([PyPI](https://pypi.python.org/pypi/pyacmedns/)): [https://github.com/joohoi/pyacmedns ](https://github.com/joohoi/pyacmedns )
2018-07-02 02:54:37 +07:00
- Generic client library in Go: [https://github.com/cpu/goacmedns ](https://github.com/cpu/goacmedns )
2018-03-15 18:40:45 +07:00
2018-03-18 21:01:46 +07:00
2016-12-05 05:35:51 +07:00
## Changelog
2024-04-11 02:51:51 +07:00
- v1.0
- New
- Refactoring of the codebase to something more robust
- Changed
- Updated dependencies
2019-10-19 02:24:56 +07:00
- v0.8
2019-10-21 02:52:19 +07:00
- NOTE: configuration option: "api_domain" deprecated!
- New
- Automatic HTTP API certificate provisioning using DNS challenges making acme-dns able to acquire certificates even with HTTP api not being accessible from public internet.
- Configuration value for "tls": "letsencryptstaging". Setting it will help you to debug possible issues with HTTP API certificate acquiring process. This is the new default value.
2019-10-19 02:24:56 +07:00
- Changed
- Fixed: EDNS0 support
2019-10-21 02:52:19 +07:00
- Migrated from autocert to [certmagic ](https://github.com/mholt/certmagic ) for HTTP API certificate handling
2019-02-07 14:58:07 +07:00
- v0.7.2
- Changed
- Fixed: Regression error of not being able to answer to incoming random-case requests.
- Fixed: SOA record added to a correct header field in NXDOMAIN responses.
2019-02-06 17:13:00 +07:00
- v0.7.1
- Changed
- Fixed: SOA record correctly added to the TCP DNS server when using both, UDP and TCP servers.
2019-02-04 01:32:02 +07:00
- v0.7
- New
- Added an endpoint to perform health checks
2018-12-13 17:19:10 +07:00
- Changed
- A new protocol selection for DNS server "both", that binds both - UDP and TCP ports.
2019-02-04 01:19:15 +07:00
- Refactored DNS server internals.
- Handle some aspects of DNS spec better.
2018-10-31 20:13:29 +07:00
- v0.6
2018-09-21 17:38:23 +07:00
- New
- Command line flag `-c` to specify location of config file.
2018-10-31 20:01:42 +07:00
- Proper refusal of dynamic update requests.
2018-10-31 20:13:29 +07:00
- Release signing
- Changed
- Better error messages for goroutines
2018-08-13 00:51:04 +07:00
- v0.5
- New
- Configurable certificate cache directory
- Changed
- Process wide umask to ensure created files are only readable by the user running acme-dns
- Replaced package that handles UUIDs because of a flaw in the original package
- Updated dependencies
- Better error messages
2018-03-15 05:47:36 +07:00
- v0.4 Clear error messages for bad TXT record content, proper handling of static CNAME records, fixed IP address parsing from the request, added option to disable registration endpoint in the configuration.
2018-02-01 21:10:24 +07:00
- v0.3.2 Dockerfile was fixed for users using autocert feature
- v0.3.1 Added goreleaser for distributing binary builds of the releases
2018-02-01 15:53:34 +07:00
- v0.3 Changed autocert to use HTTP-01 challenges, as TLS-SNI is disabled by Let's Encrypt
2018-01-22 17:47:26 +07:00
- v0.2 Now powered by httprouter, support wildcard certificates, Docker images
2016-12-05 05:35:51 +07:00
- v0.1 Initial release
2016-11-29 05:39:46 +07:00
## TODO
2016-11-15 04:53:58 +07:00
2016-12-03 16:33:43 +07:00
- Logging to a file
2018-01-22 17:47:26 +07:00
- DNSSEC
2016-11-29 05:43:24 +07:00
- Want to see something implemented, make a feature request!
2016-11-29 05:39:46 +07:00
## Contributing
2016-11-15 04:53:58 +07:00
2018-05-14 17:42:39 +07:00
acme-dns is open for contributions.
2018-01-22 17:47:26 +07:00
If you have an idea for improvement, please open an new issue or feel free to write a PR!
2016-11-15 04:53:58 +07:00
2016-11-29 05:39:46 +07:00
## License
2016-11-15 04:53:58 +07:00
2016-11-29 05:43:24 +07:00
acme-dns is released under the [MIT License ](http://www.opensource.org/licenses/MIT ).