Re: [Astlinux-users] Securing DNS API Keys when using ACME

Sat, 14 Aug 2021 16:01:59 -0700 

Thanks Lonnie

Yes certainly using the Github page.

Regards
Michael Knill

On 15/8/21, 1:52 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:

    Hey Michael,

    Looking forward to hearing how acme-dns works for you.  AstLinux's 
acme-client (acme.sh) has a plugin for acme-dns, usage: --dns dns_acmedns

    The acme-dns author "Joona Hoikkala" wrote an EFF article [1] "Securing the 
Automation of ACME DNS Challenge Validation"

    BTW, I would use the acme-dns Github page [2] for info rather then the 
nethserver wiki article you referenced.

    Lonnie

    [1] 
https://www.eff.org/deeplinks/2018/02/technical-deep-dive-securing-automation-acme-dns-challenge-validation

    [2] https://github.com/joohoi/acme-dns/



    > On Aug 13, 2021, at 10:33 PM, Michael Knill 
<michael.kn...@ipcsolutions.com.au> wrote:
    > 
    > Actually decided that I will give acme-dns a try: 
https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_acme-dns
    > Will report how I go.
    >  
    > Regards
    > Michael Knill
    >  
    > From: Michael Knill <michael.kn...@ipcsolutions.com.au>
    > Reply to: AstLinux List <astlinux-users@lists.sourceforge.net>
    > Date: Saturday, 14 August 2021 at 12:29 pm
    > To: AstLinux List <astlinux-users@lists.sourceforge.net>
    > Subject: [Astlinux-users] Securing DNS API Keys when using ACME
    >  
    > Hi Group
    >  
    > I'm looking to move away from Wildcard SSL and move back to ACME Lets 
Encrypt to ensure a unique cert for all our systems. The reason is that we have 
built our new Mobile Softphone solution which is heavily reliant heavily on TLS 
 for provisioning and SIP.
    >  
    > As such, I want to set this up but I am concerned that if one of our 
systems was compromised (we have quite a few now), this will allow an attacker 
to do bad stuff to our DNS (currently GoDaddy). I understand that some DNS 
providers may be able to restrict what you can do with the API but just 
wondering if anyone has any better ideas?
    >  
    > Regards
    >  
    > Michael Knill
    > Managing Director
    >  
    > D: +61 2 6189 1360
    > P: +61 2 6140 4656
    > E: michael.kn...@ipcsolutions.com.au
    > W: ipcsolutions.com.au
    >  
    >  <image001.png>
    > Smarter Business Communications
    >  
    > _______________________________________________
    > Astlinux-users mailing list
    > Astlinux-users@lists.sourceforge.net
    > https://lists.sourceforge.net/lists/listinfo/astlinux-users
    > 
    > Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.



    _______________________________________________
    Astlinux-users mailing list
    Astlinux-users@lists.sourceforge.net
    https://lists.sourceforge.net/lists/listinfo/astlinux-users

    Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.


_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Reply via email to