Added Technitium DNS to the Lexicon DNS API Wiki page

master
SlothCroissant 2024-10-27 23:14:59 -05:00
parent 11847d7cac
commit 219dc2807d
1 changed files with 33 additions and 1 deletions

@ -21,6 +21,8 @@ You can check its project page: https://github.com/AnalogJ/lexicon
You must install `python` and `lexicon` before using it.
For more examples, please check lexicon page: https://github.com/AnalogJ/lexicon
## Examples:
### 1. Using lexicon cloudflare api:
```
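Review bot: The sentence "For more examples, please check lexicon page: https://github.com/AnalogJ/lexicon" sits in this hunk right under the install note and shows up again in the next hunk after the transip example. If both copies end up in the final page, keep only one of them, and the placement here, before `## Examples:`, reads as the better spot.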
@ -51,7 +53,37 @@ export LEXICON_TRANSIP_API_KEY="/path/to/file.key"
acme.sh --issue -d test.acme.sh --dns dns_lexicon
```
For more examples, please check lexicon page: https://github.com/AnalogJ/lexicon
### 4. Using Technitium DNS via Lexicon `ddns` API:
In this example, we request a DNS-01-challenged ACME certificate using a custom (internal) ACME server via the Lexicon API via [Technitium DNS](https://technitium.com/dns/). Note that we use `--dnssleep 0` to skip the public DNS check (since this is for an internal DNS setup).
There are some prerequisites to setup TSIG within Technitium. In Technitium's Web UI:
* Create a TSIG Key via Settings>TSIG. Set `<KeyName>`, `<Algorithm>`, and optionally `<SharedSecret>` (if you don't set Shared Secret, Technitium will create one for you when you click "Save"). For example:
* KeyName: `lexicon`
* SharedSecret: `12345abcde` (NOTE: this is just an example!)
* Algorithm: `HMAC-SHA256`
* Enable Zone Transfer and Dynamic Updates at Zones > `example.com` > Options > Zone Options.
* [Zone Transfer tab] Zone Transfer: `Allow`
* [Zone Transfer tab] Zone Transfer TSIG Key Names: `<KeyName>` from above - optionally you can select your KeyName from "Quick Add" menu
* [Dynamic Updates tab] Dynamic Updates: `Allow` (use "Specified IP Addresses" if possible)
* [Dynamic Updates tab] Add a security policy with the following options:
* TSIG Key Name: `<KeyName>`
* Domain Name: `*.example.com`
* Allowed Record Types: `TXT`
In your `acme.sh` CLI session:
```
export PROVIDER=ddns
# Format: export LEXICON_DDNS_DDNS_SERVER=<DNS Server IP>
export LEXICON_DDNS_DDNS_SERVER=10.1.0.5
# Format: export LEXICON_DDNS_TOKEN=<Algorithm>:<KeyName>:<SharedSecret>
export LEXICON_DDNS_TOKEN=hmac-sha256:lexicon:12345abcde
acme.sh --issue \
-d test.example.com \
--dns dns_lexicon \
--server https://hcv.ff.lan/v1/pki_int/acme/directory \
--dnssleep 0
```
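Review bot: In the security policy under the Dynamic Updates tab, Domain Name `*.example.com` with Allowed Record Types `TXT` lets the `lexicon` key write TXT records at any name matching the wildcard, while a DNS-01 challenge only needs the `_acme-challenge` label under the name being issued. Suggest scoping the policy to `_acme-challenge.test.example.com`, or to the narrowest pattern that covers the names you issue for. It would also help to say why Zone Transfer has to be set to `Allow` for this key, and to replace the literal `12345abcde` in `export LEXICON_DDNS_TOKEN=hmac-sha256:lexicon:12345abcde` with a `<SharedSecret>` placeholder so the sample value is not copied into a live setup.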