On 4/26/17 11:02 AM, Stuart Henderson wrote:

On 2017-04-25, Adam Thompson <athom...@athompso.net> wrote:
On 2017-04-25 05:27, Stuart Henderson wrote:


* If you want to do dns-01 challenge with acme-client, you'll need to
use Kristaps' version for now, base acme-client only supports the
standard http challenge type. The UI isn't the simplest; use
'-t dns-01', then it outputs "dns-01 domainname token.key", then
you convert token.key into a suitable format for a DNS TXT record:
   "echo -n token.key | sha256 -b | tr -d = | tr + - | tr / _"
Get the record to the nameserver, then send the whole "dns-01
domainname token.key" line back to acme-client, and cross fingers.
If there are too many errors you'll lock yourself out for a period,
so test with the staging server first.


I haven't seen anyone mention acme.sh yet--a shell script for letsencrypt with no external dependencies.

https://github.com/Neilpang/acme.sh

It was trivial for me to write a dns api script for djbdns--very handy to have to bootstrap a new domain without previously setting up http in apache2 first.

I'd send that out to anyone interested--ask me off list.

Jeff
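The dns-01 conversion described in the quoted message above, as an added example that is not part of the original thread or of acme-client or acme.sh: it parses the "dns-01 domainname token.key" line and derives the `_acme-challenge` TXT record. The function names, the sample line, the TTL and the two output layouts (zone-file and tinydns-data) are assumptions made for illustration.

```python
import base64
import hashlib
import re

_B64URL = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet, no padding


def txt_value(key_authorization: str) -> str:
    """base64url(SHA-256(key authorization)) without '=' padding.

    Same result as: echo -n token.key | sha256 -b | tr -d = | tr + - | tr / _
    """
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def parse_challenge_line(line: str):
    """Split 'dns-01 domainname token.key' and sanity-check each field."""
    fields = line.split()
    if len(fields) != 3 or fields[0] != "dns-01":
        raise ValueError("expected: dns-01 <domain> <token.key>")
    _, domain, keyauth = fields
    parts = keyauth.split(".")
    # A key authorization is exactly two base64url strings joined by one dot.
    if len(parts) != 2 or not all(_B64URL.fullmatch(p) for p in parts):
        raise ValueError("malformed key authorization")
    return domain.rstrip(".").lower(), keyauth


def challenge_record(line: str, ttl: int = 60) -> dict:
    """Build the TXT record to publish before answering acme-client."""
    domain, keyauth = parse_challenge_line(line)
    name = "_acme-challenge." + domain
    value = txt_value(keyauth)
    return {
        "name": name,
        "value": value,
        "zone": f'{name}. {ttl} IN TXT "{value}"',  # zone-file style line
        "tinydns": f"'{name}:{value}:{ttl}",         # tinydns-data TXT line
    }


if __name__ == "__main__":
    # Constructed sample line; the token and key thumbprint are made up.
    sample = "dns-01 example.com c2FtcGxlLXRva2Vu.c2FtcGxlLXRodW1icHJpbnQ"
    record = challenge_record(sample)
    print(record["zone"])
    print(record["tinydns"])
```

A short TTL keeps a stale challenge value from lingering in resolver caches if the order has to be retried.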
