forked from TrueCloudLab/lego
dfdc625f8f
* RFC2136 example This small patch adds an example to the RFC2136 provider. * review and generate. Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com>
79 lines
2.7 KiB
Markdown
79 lines
2.7 KiB
Markdown
---
|
|
title: "RFC2136"
|
|
date: 2019-03-03T16:39:46+01:00
|
|
draft: false
|
|
slug: rfc2136
|
|
---
|
|
|
|
<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
|
|
<!-- providers/dns/rfc2136/rfc2136.toml -->
|
|
<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
|
|
|
|
Since: v0.3.0
|
|
|
|
Configuration for [RFC2136](https://tools.ietf.org/html/rfc2136).
|
|
|
|
|
|
<!--more-->
|
|
|
|
- Code: `rfc2136`
|
|
|
|
Here is an example bash command using the RFC2136 provider:
|
|
|
|
```bash
|
|
RFC2136_NAMESERVER=127.0.0.1 \
|
|
RFC2136_TSIG_KEY=lego \
|
|
RFC2136_TSIG_ALGORITHM=hmac-sha256. \
|
|
RFC2136_TSIG_SECRET=YWJjZGVmZGdoaWprbG1ub3BxcnN0dXZ3eHl6MTIzNDU= \
|
|
lego --email myemail@example.com --dns rfc2136 --domains my.example.org run
|
|
|
|
## ---
|
|
|
|
keyname=lego; keyfile=lego.key; tsig-keygen $keyname > $keyfile
|
|
|
|
RFC2136_NAMESERVER=127.0.0.1 \
|
|
RFC2136_TSIG_KEY="$keyname" \
|
|
RFC2136_TSIG_ALGORITHM="$( awk -F'[ ";]' '/algorithm/ { print $2 }' $keyfile )." \
|
|
RFC2136_TSIG_SECRET="$( awk -F'[ ";]' '/secret/ { print $3 }' $keyfile )" \
|
|
lego --email myemail@example.com --dns rfc2136 --domains my.example.org run
|
|
```
|
|
|
|
|
|
|
|
|
|
## Credentials
|
|
|
|
| Environment Variable Name | Description |
|
|
|-----------------------|-------------|
|
|
| `RFC2136_NAMESERVER` | Network address in the form "host" or "host:port" |
|
|
| `RFC2136_TSIG_ALGORITHM` | TSIG algorithm. See [miekg/dns#tsig.go](https://github.com/miekg/dns/blob/master/tsig.go) for supported values. To disable TSIG authentication, leave the `RFC2136_TSIG*` variables unset. |
|
|
| `RFC2136_TSIG_KEY` | Name of the secret key as defined in DNS server configuration. To disable TSIG authentication, leave the `RFC2136_TSIG*` variables unset. |
|
|
| `RFC2136_TSIG_SECRET` | Secret key payload. To disable TSIG authentication, leave the` RFC2136_TSIG*` variables unset. |
|
|
|
|
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
|
More information [here](/lego/dns/#configuration-and-credentials).
|
|
|
|
|
|
## Additional Configuration
|
|
|
|
| Environment Variable Name | Description |
|
|
|--------------------------------|-------------|
|
|
| `RFC2136_DNS_TIMEOUT` | API request timeout |
|
|
| `RFC2136_POLLING_INTERVAL` | Time between DNS propagation check |
|
|
| `RFC2136_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
|
|
| `RFC2136_SEQUENCE_INTERVAL` | Interval between iteration |
|
|
| `RFC2136_TTL` | The TTL of the TXT record used for the DNS challenge |
|
|
|
|
The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
|
|
More information [here](/lego/dns/#configuration-and-credentials).
|
|
|
|
|
|
|
|
|
|
## More information
|
|
|
|
- [API documentation](https://tools.ietf.org/html/rfc2136)
|
|
|
|
<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
|
|
<!-- providers/dns/rfc2136/rfc2136.toml -->
|
|
<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->
|