From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 17903 invoked from network); 11 Sep 2021 20:27:41 -0000 Received: from 4ess.inri.net (216.126.196.42) by inbox.vuxu.org with ESMTPUTF8; 11 Sep 2021 20:27:41 -0000 Received: from mimir.eigenstate.org ([206.124.132.107]) by 4ess; Sat Sep 11 16:18:07 -0400 2021 Received: from stockyard.org (cpe-68-174-86-38.nyc.res.rr.com [68.174.86.38]) by mimir.eigenstate.org (OpenSMTPD) with ESMTPSA id 8e8ea3a6 (TLSv1.2:ECDHE-RSA-AES256-SHA:256:NO) for <9front@9front.org>; Sat, 11 Sep 2021 13:10:50 -0700 (PDT) Message-ID: <9705D2B8CA00D1F56C54260845913A58@eigenstate.org> To: 9front@9front.org Date: Sat, 11 Sep 2021 16:10:48 -0400 From: ori@eigenstate.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: full-stack database table injection-scale table Subject: [9front] acmed: dns support. Reply-To: 9front@9front.org Precedence: bulk Today, I finally finished adding dns support to acmed. To use it, you'll need to have a functioning DNS server running. Then, when you tell it to use dns, acmed will write a snippet that defines the required dns records. By default, this will be put into: /lib/ndb/dnschallenge which you will need to include with: database= <...previous contents...> file=/lib/ndb/dnschallenge From there, you just run acmed as usual, but with an additional parameter so that it knows the domain name: acmed -t dns \ you@example.com \ /path/to/csr \ domain.com and it will handle generating the challenge and telling the dns server to refresh. Caveat: this needs to run as the same user as the dns server (typically hostowner). Other than updating the manpage with an example of doing a DNS challenge, I think that this is more or less ready to commit to 9front.