From 08d3190a6c0dfd5847a2b4b9b868085e57618086 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Tue, 29 Nov 2016 01:06:16 +0200 Subject: [PATCH] Update README.md --- README.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 8dc4b80..9104efc 100644 --- a/README.md +++ b/README.md @@ -2,16 +2,6 @@ A simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges. -## Usage - -Using acme-dns is a three-step process (provided you already have the server set up, or are using a service): - -- Get credentials and unique subdomain (simple GET request to https://auth.exmaple.org/register) -- Create a (ACME magic) CNAME record to your existing zone, pointing to the subdomain you got from the registration. (eg. `_acme-challenge.domainiwantcertfor.tld. CNAME a097455b-52cc-4569-90c8-7a4b97c6eba8.auth.example.org` ) -- Use your credentials to POST a new DNS challenge values to an acme-dns server for the CA to validate them off of. - -After that, crontab and forget. - ## Why? Many DNS servers do not provide an API to enable automation for the ACME DNS challenges. And those which do, give the keys way too much power to leave them laying around your random boxes, which sadly would be required to have a meaningful way to automate the process. @@ -25,6 +15,16 @@ So basically it boils down to **accessibility** and **security** - Simple deployment (it's Go after all) - Supports SQLite & PostgreSQL as DB backends +## Usage + +Using acme-dns is a three-step process (provided you already have the server set up, or are using a service): + +- Get credentials and unique subdomain (simple GET request to https://auth.exmaple.org/register) +- Create a (ACME magic) CNAME record to your existing zone, pointing to the subdomain you got from the registration. (eg. `_acme-challenge.domainiwantcertfor.tld. CNAME a097455b-52cc-4569-90c8-7a4b97c6eba8.auth.example.org` ) +- Use your credentials to POST a new DNS challenge values to an acme-dns server for the CA to validate them off of. + +After that, crontab and forget. + ## API ### Register endpoint