mirror of
https://github.com/go-acme/lego.git
synced 2024-12-23 01:07:23 +02:00
f514292c46
Co-authored-by: Dominik Menke <git@dmke.org>
2.9 KiB
2.9 KiB
title | date | draft | slug | dnsprovider | ||||||
---|---|---|---|---|---|---|---|---|---|---|
RFC2136 | 2019-03-03T16:39:46+01:00 | false | rfc2136 |
|
Configuration for RFC2136.
- Code:
rfc2136
- Since: v0.3.0
Here is an example bash command using the RFC2136 provider:
RFC2136_NAMESERVER=127.0.0.1 \
RFC2136_TSIG_KEY=example.com \
RFC2136_TSIG_ALGORITHM=hmac-sha256. \
RFC2136_TSIG_SECRET=YWJjZGVmZGdoaWprbG1ub3BxcnN0dXZ3eHl6MTIzNDU= \
lego --email you@example.com --dns rfc2136 -d '*.example.com' -d example.com run
## ---
keyname=example.com; keyfile=example.com.key; tsig-keygen $keyname > $keyfile
RFC2136_NAMESERVER=127.0.0.1 \
RFC2136_TSIG_FILE="$keyfile" \
lego --email you@example.com --dns rfc2136 -d '*.example.com' -d example.com run
Credentials
Environment Variable Name | Description |
---|---|
RFC2136_NAMESERVER |
Network address in the form "host" or "host:port" |
RFC2136_TSIG_ALGORITHM |
TSIG algorithm. See miekg/dns#tsig.go for supported values. To disable TSIG authentication, leave the RFC2136_TSIG_KEY or RFC2136_TSIG_SECRET variables unset. |
RFC2136_TSIG_KEY |
Name of the secret key as defined in DNS server configuration. To disable TSIG authentication, leave the RFC2136_TSIG_KEY variable unset. |
RFC2136_TSIG_SECRET |
Secret key payload. To disable TSIG authentication, leave the RFC2136_TSIG_SECRET variable unset. |
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
More information [here]({{% ref "dns#configuration-and-credentials" %}}).
Additional Configuration
Environment Variable Name | Description |
---|---|
RFC2136_DNS_TIMEOUT |
API request timeout |
RFC2136_POLLING_INTERVAL |
Time between DNS propagation check |
RFC2136_PROPAGATION_TIMEOUT |
Maximum waiting time for DNS propagation |
RFC2136_SEQUENCE_INTERVAL |
Time between sequential requests |
RFC2136_TSIG_FILE |
Path to a key file generated by tsig-keygen |
RFC2136_TTL |
The TTL of the TXT record used for the DNS challenge |
The environment variable names can be suffixed by _FILE
to reference a file instead of a value.
More information [here]({{% ref "dns#configuration-and-credentials" %}}).