Re: [dnsdist] dnsdist and Let's Encrypt (ACME)

2019-09-16 Thread Stephane Bortzmeyer
On Sun, Sep 15, 2019 at 07:14:10PM +0200, ab...@t-ipnet.net wrote a message of 12 lines which said: > There is no need to restart dnsdist. > > /usr/sbin/dnsdist -e 'reloadAllCertificates()' If you have configured the console. Otherwise: The currently configured console key is not valid,

Re: [dnsdist] dnsdist and Let's Encrypt (ACME)

2019-09-15 Thread Ask Bjørn Hansen
> On Sep 15, 2019, at 1:40 AM, Stephane Bortzmeyer wrote: > > DNS challenges? I don't really want to switch my zones to a dynamic > setup. For places where adding or changing http was cumbersome or impossible, I setup a single dynamic zone just for the acme process. From the “real” zone

Re: [dnsdist] dnsdist and Let's Encrypt (ACME)

2019-09-15 Thread abang
>certbot renew --standalone --deploy-hook >/usr/local/sbin/restart-dnsdist There is no need to restart dnsdist. /usr/sbin/dnsdist -e 'reloadAllCertificates()' is sufficient Winfried ___ dnsdist mailing list dnsdist@mailman.powerdns.com

Re: [dnsdist] dnsdist and Let's Encrypt (ACME)

2019-09-15 Thread Stephane Bortzmeyer
On Sun, Sep 15, 2019 at 12:20:46PM +0200, Andrew Nimmo wrote a message of 72 lines which said: > The acme.sh script has a standalone mode, if you have port 80 open: Thanks, I forgot about that (and, indeed, port 80 was available). So I did: certbot certonly --standalone --domain

Re: [dnsdist] dnsdist and Let's Encrypt (ACME)

2019-09-15 Thread Andrew Nimmo
> On 15 Sep 2019, at 10:40, Stephane Bortzmeyer wrote: > > [I believe I've checked the available documentation, and found > nothing. Sorry, if I missed it.] > > My dnsdist setup (DoT and DoH) uses a CAcert certificate and it works > fine. Now, I would like to move to Let's Encrypt but I do not