Re: [dnsdist] dnsdist and Let's Encrypt (ACME)
> On Sep 15, 2019, at 1:40 AM, Stephane Bortzmeyer wrote:
>
> DNS challenges? I don't really want to switch my zones to a dynamic
> setup.

For places where adding or changing http was cumbersome or impossible, I set up a single dynamic zone just for the acme process. From the “real” zone you can CNAME the challenge name into the dynamic zone, so you don’t have to switch your “real” data to be managed dynamically.

Ask

___
dnsdist mailing list
dnsdist@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/dnsdist

Re: [dnsdist] dnsdist and Let's Encrypt (ACME)
>certbot renew --standalone --deploy-hook
>/usr/local/sbin/restart-dnsdist

There is no need to restart dnsdist.

    /usr/sbin/dnsdist -e 'reloadAllCertificates()'

is sufficient

Winfried

Re: [dnsdist] dnsdist and Let's Encrypt (ACME)
On Sun, Sep 15, 2019 at 12:20:46PM +0200, Andrew Nimmo wrote a message of 72 lines which said:

> The acme.sh script has a standalone mode, if you have port 80 open:

Thanks, I forgot about that (and, indeed, port 80 was available). So I did:

    certbot certonly --standalone --domain doh.bortzmeyer.fr

to have the initial certificate. Then, I configured dnsdist to use /etc/letsencrypt/live/doh.bortzmeyer.fr/fullchain.pem and then I set up this for the future renewals:

    certbot renew --standalone --deploy-hook /usr/local/sbin/restart-dnsdist

Thanks again.
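
The reload command and the certbot deploy hook from the messages above can be combined into one hook script. This is an added example, not code from any message in the thread: `reload_if_renewed`, `DNSDIST_BIN` and `DNSDIST_LINEAGE` are hypothetical names, and it assumes the dnsdist console is enabled so that `dnsdist -e` can reach the running instance.

```shell
#!/bin/sh
# Added example: certbot deploy hook that reloads dnsdist's certificates
# in place instead of restarting the daemon.
# certbot exports RENEWED_LINEAGE (the live/<name> directory) to deploy hooks.
# Assumptions: the lineage below is the one configured in dnsdist, and the
# dnsdist console is enabled so `dnsdist -e` can talk to the running process.

DNSDIST_BIN="${DNSDIST_BIN:-/usr/sbin/dnsdist}"
DNSDIST_LINEAGE="${DNSDIST_LINEAGE:-/etc/letsencrypt/live/doh.bortzmeyer.fr}"

# Returns 0 when dnsdist was reloaded or the renewal is unrelated,
# non-zero when a reload was needed but could not be done.
reload_if_renewed() {
    lineage="${1%/}"
    want="${DNSDIST_LINEAGE%/}"

    # certbot runs the hook once per renewed lineage; ignore other certs.
    if [ "$lineage" != "$want" ]; then
        echo "skip: $lineage is not used by dnsdist"
        return 0
    fi

    # Refuse to reload onto a missing or empty chain or key.
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$lineage/$f" ]; then
            echo "error: $lineage/$f missing or empty" >&2
            return 2
        fi
    done

    # Ask the running dnsdist to re-read its certificate and key files.
    if ! "$DNSDIST_BIN" -e 'reloadAllCertificates()'; then
        echo "error: dnsdist console command failed" >&2
        return 3
    fi
    echo "reloaded: $lineage"
}

# When invoked by certbot, RENEWED_LINEAGE is set; act on it.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    reload_if_renewed "$RENEWED_LINEAGE"
fi
```

A non-zero exit makes a failed reload visible in certbot's output instead of leaving dnsdist serving the old certificate unnoticed.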