mirror of https://github.com/go-acme/lego.git synced 2024-12-23 01:07:23 +02:00
lego/docs/content/dns/zz_gen_rfc2136.md
Ludovic Fernandez f514292c46
rfc2136: add support for tsig-keygen generated file (#2330)
Co-authored-by: Dominik Menke <git@dmke.org>
2024-11-09 22:46:22 +01:00

| title | date | draft | slug |
|---|---|---|---|
| RFC2136 | 2019-03-03T16:39:46+01:00 | false | rfc2136 |

dnsprovider:

| since | code | url |
|---|---|---|
| v0.3.0 | rfc2136 | https://www.rfc-editor.org/rfc/rfc2136.html |

Configuration for RFC2136.

  • Code: rfc2136
  • Since: v0.3.0

Here is an example bash command using the RFC2136 provider:

```bash
# Pass the TSIG key name, algorithm and secret directly:
RFC2136_NAMESERVER=127.0.0.1 \
RFC2136_TSIG_KEY=example.com \
RFC2136_TSIG_ALGORITHM=hmac-sha256. \
RFC2136_TSIG_SECRET=YWJjZGVmZGdoaWprbG1ub3BxcnN0dXZ3eHl6MTIzNDU= \
lego --email you@example.com --dns rfc2136 -d '*.example.com' -d example.com run

## ---

# Or generate a key file with tsig-keygen and pass its path:
keyname=example.com; keyfile=example.com.key; tsig-keygen "$keyname" > "$keyfile"

RFC2136_NAMESERVER=127.0.0.1 \
RFC2136_TSIG_FILE="$keyfile" \
lego --email you@example.com --dns rfc2136 -d '*.example.com' -d example.com run
```

Credentials

| Environment Variable Name | Description |
|---|---|
| `RFC2136_NAMESERVER` | Network address in the form "host" or "host:port" |
| `RFC2136_TSIG_ALGORITHM` | TSIG algorithm. See miekg/dns#tsig.go for supported values. To disable TSIG authentication, leave the `RFC2136_TSIG_KEY` or `RFC2136_TSIG_SECRET` variables unset. |
| `RFC2136_TSIG_KEY` | Name of the secret key as defined in DNS server configuration. To disable TSIG authentication, leave the `RFC2136_TSIG_KEY` variable unset. |
| `RFC2136_TSIG_SECRET` | Secret key payload. To disable TSIG authentication, leave the `RFC2136_TSIG_SECRET` variable unset. |

The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information [here]({{% ref "dns#configuration-and-credentials" %}}).

Additional Configuration

| Environment Variable Name | Description |
|---|---|
| `RFC2136_DNS_TIMEOUT` | API request timeout |
| `RFC2136_POLLING_INTERVAL` | Time between DNS propagation checks |
| `RFC2136_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation |
| `RFC2136_SEQUENCE_INTERVAL` | Time between sequential requests |
| `RFC2136_TSIG_FILE` | Path to a key file generated by tsig-keygen |
| `RFC2136_TTL` | The TTL of the TXT record used for the DNS challenge |
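
A tsig-keygen file holds the same three values (key name, algorithm, secret) that the `RFC2136_TSIG_KEY`, `RFC2136_TSIG_ALGORITHM` and `RFC2136_TSIG_SECRET` variables carry individually. The script below is an added example, not part of the lego documentation or code base: it maps a key file onto those variables and refuses a file that group or others can read. The function names are hypothetical, the key file is constructed, and the owner-only permission requirement is an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example, not lego code. Function names are hypothetical.

# Succeeds only if the file exists and neither group nor others can read it.
key_file_is_private() {
    [ -f "$1" ] && [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Print "name algorithm secret" from a tsig-keygen file of the form:
#   key "example.com" {
#       algorithm hmac-sha256;
#       secret "<base64>";
#   };
parse_tsig_file() {
    awk '
        $1 == "key"       { gsub(/"/, "", $2); name = $2 }
        $1 == "algorithm" { sub(/;$/, "", $2); algo = $2 }
        $1 == "secret"    { gsub(/[";]/, "", $2); secret = $2 }
        END {
            if (name == "" || algo == "" || secret == "") exit 1
            print name, algo, secret
        }' "$1"
}

# Emit the three-variable form of the key held in file $1.
# Exit status: 0 ok, 1 unparsable file, 2 file missing or readable by others.
tsig_file_to_env() (
    key_file_is_private "$1" || { echo "refusing $1: missing or not private" >&2; exit 2; }
    fields=$(parse_tsig_file "$1") || exit 1
    read -r name algo secret <<EOF
$fields
EOF
    # Trailing dot on the algorithm follows the form used in the page's example.
    printf 'RFC2136_TSIG_KEY=%s\nRFC2136_TSIG_ALGORITHM=%s.\nRFC2136_TSIG_SECRET=%s\n' \
        "$name" "$algo" "$secret"
)

# Demo on a constructed key file (secret copied from the page's example).
demo_key=$(mktemp)            # mktemp creates the file with mode 0600
cat > "$demo_key" <<'EOF'
key "example.com" {
	algorithm hmac-sha256;
	secret "YWJjZGVmZGdoaWprbG1ub3BxcnN0dXZ3eHl6MTIzNDU=";
};
EOF
tsig_file_to_env "$demo_key"
rm -f "$demo_key"
```

The page's own `tsig-keygen $keyname > $keyfile` command creates the file under the current umask, so running it under `umask 077` is what makes a file pass the privacy check here.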


More information