Authentication with regex-based authorization for PowerDNS 4.1, designed for CertBot.
scripts Add some documentation Sep 28, 2018
vendor Bump to latest version of go-powerdns Aug 17, 2018
.gitignore
.travis.yml Bump to Golang 1.11 Oct 1, 2018
Gopkg.lock Bump to latest version of go-powerdns Aug 17, 2018
Gopkg.toml Initialize go dependencies Jul 6, 2018
LICENSE MIT License Oct 12, 2018
Makefile Initialize go dependencies Jul 6, 2018
README.md Add some documentation Sep 28, 2018
authenticate.go
cleanup.go Add some documentation Sep 28, 2018
config.dist.yml Test scenario for config.go Jun 27, 2018
config.go Add some documentation Sep 28, 2018
config_test.go Make FQDN configuration explicit Jul 6, 2018
docker-compose.yml Latest MariaDB and PowerDNS using Docker Compose Sep 2, 2018
health.go
main.go Add some documentation Sep 28, 2018

README.md

CertBot PowerDNS Proxy

Authentication with regex-based authorization for PowerDNS 4.1, designed for CertBot.


Setup

Install from source

You need go and GOBIN in your PATH. Once that is done, install certbot-pdns-proxy using the following command:

go get -u github.com/joeig/certbot-pdns-proxy

After that, copy config.dist.yml to config.yml, replace the default settings and run the binary:

certbot-pdns-proxy -config=/path/to/config.yml

If you intend to run the application as a systemd service, take a look at scripts/certbot-pdns-proxy.service.

Usage

Use in combination with CertBot

Deploy scripts/authenticator.sh and scripts/cleanup.sh on your servers and change the proxy URL.

Add your API credentials to ~/.netrc as follows. The file stores the password in plain text, so keep it readable only by its owner:

machine 127.0.0.1
  login foo
  password bar

Pass the scripts to CertBot:

certbot certonly --manual --preferred-challenges=dns --manual-auth-hook /path/to/authenticator.sh --manual-cleanup-hook /path/to/cleanup.sh -d secure.example.com
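
An added preflight check (not part of the project's scripts) that can run before CertBot: it verifies that the .netrc file is accessible only by its owner and holds a login and password for the proxy host. The function name check_netrc and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the project's own code.
# check_netrc FILE HOST
#   returns 0 if FILE is private to its owner and has login + password for HOST
#   returns 1 if FILE is accessible by group or others
#   returns 2 if FILE is missing or has no complete entry for HOST
check_netrc() {
    file=$1
    host=$2

    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file is accessible by group or others; run: chmod 600 $file" >&2
        return 1
    fi

    # netrc is a whitespace-separated token stream, so an entry may span lines.
    awk -v host="$host" '
        { for (i = 1; i <= NF; i++) tok[++n] = $i }
        END {
            for (i = 1; i <= n; i++) {
                t = tok[i]
                if (t == "machine") {
                    # Appending "" forces a string comparison of the host names.
                    cur = (tok[++i] "" == host "")
                } else if (t == "default") {
                    cur = 0
                } else if (t == "login" || t == "password" || t == "account") {
                    v = tok[++i]            # always skip the value token
                    if (cur && v != "") seen[t] = 1
                }
            }
            exit !(seen["login"] && seen["password"])
        }' "$file" || { echo "no login/password for $host in $file" >&2; return 2; }
}

# Usage (host taken from the .netrc sample above):
#   check_netrc "$HOME/.netrc" 127.0.0.1 && certbot certonly ...
```
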

FAQ

  • Q: How can I increase the SOA's serial automatically?
    A: Set the SOA-EDIT-API metadata to a value of your choice, for instance pdnsutil set-meta example.com SOA-EDIT-API INCEPTION-INCREMENT. There might be a default setting in the future.