Path to this page:
./
wip/acme-dns,
Simplified DNS server to automate ACME DNS challenges
Branch: CURRENT,
Version: 1.0,
Package name: acme-dns-1.0,
Maintainer: pkgsrc-usersA simplified DNS server with a RESTful HTTP API to provide a simple
way to automate ACME DNS challenges.
Many DNS servers do not provide an API to enable automation for the
ACME DNS challenges. Those which do, give the keys way too much power.
Leaving the keys laying around your random boxes is too often a
requirement to have a meaningful process automation.
Acme-dns provides a simple API exclusively for TXT record updates and
should be used with ACME magic "\_acme-challenge" - subdomain CNAME
records. This way, in the unfortunate exposure of API keys, the
effects are limited to the subdomain TXT record in question.
So basically it boils down to **accessibility** and **security**.
For longer explanation of the underlying issue and other proposed
solutions, see a blog post on the topic from EFF deeplinks blog:
https://www.eff.org/deeplinks/2018/02/technical-deep-dive-securing-automation-acme-dns-challenge-validation
Master sites:
Filesize: 54.309 KB
Version history: (Expand)
- (2024-06-14) Package added to pkgsrc.se, version acme-dns-1.0 (created)