
Add DNS provider for SelfHost.(de|eu) #2278

Merged
merged 10 commits into from
Sep 20, 2024

Conversation

@ldez ldez (Member) commented Sep 18, 2024

  • add a description to your PR
  • have a homogeneous design with the other providers
  • add tests (units)
  • add tests ("live")
  • add a provider descriptor
  • generate CLI help, documentation, and readme.
  • be able to run the following (and put the output of this command in a comment):
    make build
    rm -rf .lego
    
    SELFHOSTDE_USERNAME=xxx \
    SELFHOSTDE_PASSWORD=yyy \
    SELFHOSTDE_RECORDS_MAPPING=example.com:123:456 \
    ./dist/lego -m your@email.com --dns selfhostde -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
    Note the wildcard domain is important.
  • pass the linter
  • do go mod tidy

Ping @aifrog, can you run the command (with your domain, email, credentials, etc.)?

-> #2278 (comment)

Closes #2277


@ldez ldez marked this pull request as draft September 18, 2024 15:47

@ldez ldez (Member, Author) commented Sep 19, 2024

You need to create 2 TXT records for the same domain (_acme-challenge.example.com) to have 2 different IDs.

SELFHOSTDE_USERNAME=xxx \
SELFHOSTDE_PASSWORD=yyy \
SELFHOSTDE_RECORDS_MAPPING=example.com:<RECORD_ID1>:<RECORD_ID2>  \
./dist/lego -m xxx@example.com --dns.resolvers 1.1.1.1 --dns selfhostde -d *.example.com -d example.com -s https://acme-staging-v02.api.letsencrypt.org/directory run
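
As an added example (not code from the lego project or from this thread), a small Go checker for the SELFHOSTDE_RECORDS_MAPPING value discussed above: it parses the `domain:id:id` entries and verifies, before any ACME order is placed, that a wildcard plus apex order has two distinct record IDs, since both dns-01 challenges publish under the same `_acme-challenge.example.com` name. The comma-separated multi-domain form, the function names, and the sample values are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// RecordsMapping maps a domain (e.g. "example.com") to the IDs of the TXT
// records pre-created for it at SelfHost.(de|eu).
type RecordsMapping map[string][]int

// ParseRecordsMapping parses a SELFHOSTDE_RECORDS_MAPPING value such as
// "example.com:123:456". Each entry is "domain:id[:id...]"; separating
// several entries with commas is an assumption of this example.
func ParseRecordsMapping(raw string) (RecordsMapping, error) {
	mapping := RecordsMapping{}
	for _, entry := range strings.Split(raw, ",") {
		entry = strings.TrimSpace(entry)
		if entry == "" {
			continue
		}
		parts := strings.Split(entry, ":")
		if len(parts) < 2 {
			return nil, fmt.Errorf("entry %q: expected domain:id[:id...]", entry)
		}
		domain := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(parts[0]), "."))
		if domain == "" {
			return nil, fmt.Errorf("entry %q: empty domain", entry)
		}
		if _, dup := mapping[domain]; dup {
			return nil, fmt.Errorf("entry %q: domain listed twice", entry)
		}
		seen := map[int]bool{}
		var ids []int
		for _, p := range parts[1:] {
			id, err := strconv.Atoi(strings.TrimSpace(p))
			if err != nil || id <= 0 {
				return nil, fmt.Errorf("entry %q: invalid record ID %q", entry, p)
			}
			// Two challenges for the same name need two *different* records,
			// so a repeated ID is a misconfiguration, not extra capacity.
			if seen[id] {
				return nil, fmt.Errorf("entry %q: record ID %d repeated", entry, id)
			}
			seen[id] = true
			ids = append(ids, id)
		}
		mapping[domain] = ids
	}
	if len(mapping) == 0 {
		return nil, errors.New("SELFHOSTDE_RECORDS_MAPPING is empty")
	}
	return mapping, nil
}

// challengeBase strips a leading "*." so that "*.example.com" and
// "example.com" resolve to the same key: both dns-01 challenges are
// published as TXT records under _acme-challenge.example.com.
func challengeBase(domain string) string {
	return strings.ToLower(strings.TrimPrefix(domain, "*."))
}

// CheckMapping verifies, before an ACME order is placed, that every
// requested domain is mapped and that each _acme-challenge name has at
// least as many distinct record IDs as domains that will use it.
func CheckMapping(m RecordsMapping, domains []string) error {
	needed := map[string]int{}
	for _, d := range domains {
		needed[challengeBase(d)]++
	}
	for base, n := range needed {
		ids, ok := m[base]
		if !ok {
			return fmt.Errorf("no record IDs mapped for %s", base)
		}
		if len(ids) < n {
			return fmt.Errorf("_acme-challenge.%s needs %d distinct TXT record IDs, mapping has %d", base, n, len(ids))
		}
	}
	return nil
}

func main() {
	// Constructed sample values with the same shape as the thread's example.
	m, err := ParseRecordsMapping("example.com:123:456")
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	fmt.Println(CheckMapping(m, []string{"*.example.com", "example.com"}))
	fmt.Println(CheckMapping(m, []string{"*.example.com", "example.com", "www.example.com"}))
}
```

Running the check up front turns the silent failure mode of the thread (the second challenge overwriting the first TXT record) into a configuration error before lego contacts the ACME server.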

@aifrog aifrog commented Sep 19, 2024

That's it. Works:

SELFHOSTDE_USERNAME=1234 SELFHOSTDE_PASSWORD=1234 SELFHOSTDE_RECORDS_MAPPING=bbb.ccc:1234:1234 SELFHOSTDE_PROPAGATION_TIMEOUT=240 SELFHOSTDE_POLLING_INTERVAL=30 ./dist/lego -m xxx@bbb.ccc --dns.resolvers 1.1.1.1 --dns selfhostde -d *.bbb.ccc -d bbb.ccc -s https://acme-staging-v02.api.letsencrypt.org/directory run
2024/09/19 23:10:30 No key found for account xxx@bbb.ccc. Generating a P256 key.
2024/09/19 23:10:30 Saved key to /home/xxx/lego/.lego/accounts/acme-staging-v02.api.letsencrypt.org/xxx@bbb.ccc/keys/xxx@bbb.ccc.key
2024/09/19 23:10:31 Please review the TOS at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf
Do you accept the TOS? Y/n
Y
2024/09/19 23:10:35 [INFO] acme: Registering account for xxx@bbb.ccc
!!!! HEADS UP !!!!

Your account credentials have been saved in your Let's Encrypt
configuration directory at "/home/xxx/lego/.lego/accounts".

You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let's Encrypt so making regular
backups of this folder is ideal.
2024/09/19 23:10:35 [INFO] [*.bbb.ccc, bbb.ccc] acme: Obtaining bundled SAN certificate
2024/09/19 23:10:36 [INFO] [*.bbb.ccc] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/14075870753
2024/09/19 23:10:36 [INFO] [bbb.ccc] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/14075870763
2024/09/19 23:10:36 [INFO] [*.bbb.ccc] acme: use dns-01 solver
2024/09/19 23:10:36 [INFO] [bbb.ccc] acme: Could not find solver for: tls-alpn-01
2024/09/19 23:10:36 [INFO] [bbb.ccc] acme: Could not find solver for: http-01
2024/09/19 23:10:36 [INFO] [bbb.ccc] acme: use dns-01 solver
2024/09/19 23:10:36 [INFO] [*.bbb.ccc] acme: Preparing to solve DNS-01
2024/09/19 23:10:51 [INFO] [bbb.ccc] acme: Preparing to solve DNS-01
2024/09/19 23:10:53 [INFO] [*.bbb.ccc] acme: Trying to solve DNS-01
2024/09/19 23:11:23 [INFO] Wait for propagation [timeout: 4m0s, interval: 30s]n. [nameservers=1.1.1.1:53]
2024/09/19 23:11:31 [INFO] [*.bbb.ccc] The server validated our request
2024/09/19 23:11:31 [INFO] [bbb.ccc] acme: Trying to solve DNS-01
2024/09/19 23:11:31 [INFO] [bbb.ccc] acme: Checking DNS record propagation. [nameservers=1.1.1.1:53]
2024/09/19 23:12:01 [INFO] Wait for propagation [timeout: 4m0s, interval: 30s]
2024/09/19 23:12:07 [INFO] [bbb.ccc] The server validated our request
2024/09/19 23:12:07 [INFO] [*.bbb.ccc] acme: Cleaning DNS-01 challenge
2024/09/19 23:12:08 [INFO] [bbb.ccc] acme: Cleaning DNS-01 challenge
2024/09/19 23:12:08 [INFO] [*.bbb.ccc, bbb.ccc] acme: Validations succeeded; requesting certificates
2024/09/19 23:12:08 [INFO] Wait for certificate [timeout: 30s, interval: 500ms]
2024/09/19 23:12:10 [INFO] [*.bbb.ccc] Server responded with a certificate.

@ldez ldez removed the state/need-user-tests Need users to test functionality label Sep 19, 2024
@ldez ldez added this to the v4.19 milestone Sep 19, 2024
@ldez ldez requested a review from dmke September 19, 2024 21:19
@ldez ldez marked this pull request as ready for review September 19, 2024 21:52
@dmke dmke (Member) left a comment


I've reworded the documentation a bit. Let me know if you disagree or have further notes. Otherwise this looks OK. 👍

Resolved review comments on:
  • providers/dns/selfhostde/internal/readme.md
  • providers/dns/selfhostde/selfhostde.toml (2)
@ldez ldez requested a review from dmke September 19, 2024 22:29
@ldez ldez merged commit 20c8d6c into go-acme:master Sep 20, 2024
4 checks passed
@ldez ldez deleted the selfhostde branch September 20, 2024 11:46
@aifrog aifrog commented Oct 3, 2024

Just a short question: I want to use this in traefik and do have v3.2.0-rc1 running. However, I still get the error="cannot get ACME client unrecognized DNS provider: selfhostde". Is this a configuration issue or is this code not yet part of v3.2.0-rc1?

@ldez ldez (Member, Author) commented Oct 3, 2024

The provider is not yet available inside Traefik.

I should create a release of lego before.

@aifrog aifrog commented Oct 13, 2024

I understand that you have released by now. Correct? But I can't see it yet in traefik (v3.2.0-rc2). Do I need to wait or is it my mistake?

@ldez ldez (Member, Author) commented Oct 13, 2024

lego has been updated inside Traefik, but you must wait for the next Traefik release.

Development

Successfully merging this pull request may close these issues.

Support for selfhost