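# dyndns setup http://www.btteknik.net/?p=143
# Generate a TSIG key for the name rfc2136.sijanec.eu. ddns-confgen prints the
# key and a sample update-policy to stdout. The key is a shared secret that
# authorises dynamic DNS updates, so treat the terminal output accordingly.
ddns-confgen -s rfc2136.sijanec.eu.
# http://www.ipamworldwide.com/ipam/update-policy.html
# Keep the grant as narrow as the hook needs (TXT records on the challenge
# name only), so a leaked key cannot rewrite the rest of the zone.
vim /etc/bind/named.conf.local # here goes the update policy, change name to subdomain
# Create the key file with restrictive permissions before the secret is pasted
# in. named and nsupdate only need to read it, so the group gets read access
# and nobody else gets anything (was 0660, i.e. group-writable).
# NOTE(review): assumes the file ends up in named's group (e.g. via a setgid
# /etc/bind) - confirm with `ls -l /etc/bind/keyfile.conf`.
(umask 0027 && touch /etc/bind/keyfile.conf)
chmod 0640 /etc/bind/keyfile.conf
vim /etc/bind/keyfile.conf # here goes the key
# hook script https://blog.danman.eu/automatic-letsencrypt-wildcard-cert-renewal-with-nsupdate/
# The lines from "#!/bin/bash" down to the closing "fi" are the contents of this file.
vim /etc/letsencrypt/hook.sh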
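#!/bin/bash
# certbot --manual-auth-hook: publishes the dns-01 validation token as a TXT
# record on CREATE_DOMAIN via an RFC 2136 update to the local BIND server.
# Reads:   CERTBOT_VALIDATION, CERTBOT_REMAINING_CHALLENGES (set by certbot)
# Exits:   non-zero if the token looks wrong or the DNS update fails, so a
#          failed update is not silently reported to certbot as success.
CREATE_DOMAIN="certbot.rfc2136.sijanec.eu."

# The token is pasted into an nsupdate command stream that is signed with the
# TSIG key. Accept only the base64url alphabet so a stray newline or space can
# never turn into an extra update command.
case "$CERTBOT_VALIDATION" in
  '' | *[!A-Za-z0-9_-]*)
    echo "hook.sh: CERTBOT_VALIDATION is empty or contains unexpected characters" >&2
    exit 1
    ;;
esac

# NOTE(review): certbot calls this hook once per challenge before validation.
# Deleting the whole TXT RRset on every call presumably leaves only the last
# token when many names CNAME to CREATE_DOMAIN - confirm, and consider moving
# the delete into a --manual-cleanup-hook.
if ! nsupdate -k /etc/bind/keyfile.conf <<EOF
server 127.0.0.1
update delete $CREATE_DOMAIN TXT
update add $CREATE_DOMAIN 1 TXT $CERTBOT_VALIDATION
send
EOF
then
  echo "hook.sh: nsupdate failed, TXT record was not published" >&2
  exit 1
fi

# Reload and wait only after the last challenge has been published. The value
# is quoted and defaulted so a manual run without certbot does not break the
# test expression.
if [ "${CERTBOT_REMAINING_CHALLENGES:-0}" -eq 0 ]
then
  echo done, reloading server and waiting 30 seconds
  rndc reload
  sleep 30
fi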
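# certbot runs the hook with its own privileges and the hook reads the TSIG
# key, so the script should stay writable by its owner only.
chmod +x /etc/letsencrypt/hook.sh
# The following record must be added to the zone of every domain:
# _acme-challenge IN CNAME certbot.rfc2136.sijanec.eu.
#
# Request one certificate covering all names below through the DNS challenge.
# Wildcard names are quoted so the shell passes them to certbot literally
# instead of expanding them against files in the current directory.
# --reuse-key keeps the existing private key across renewals;
# --register-unsafely-without-email means the CA has no address to send
# expiry notices to, so renewal has to be monitored locally.
certbot certonly \
  --reuse-key \
  --manual \
  --register-unsafely-without-email \
  --preferred-challenges dns \
  --manual-auth-hook /etc/letsencrypt/hook.sh \
  -d sijanec.eu -d sijanec.org -d sijanec.net \
  -d xn--ijanec-9jb.eu -d xn--ijanec-9jb.org -d xn--ijanec-9jb.net \
  -d xn--ijanec-9jb.si -d xn--ijanec-9jb.com \
  -d '*.sijanec.eu' -d '*.sijanec.org' -d '*.sijanec.net' \
  -d '*.xn--ijanec-9jb.eu' -d '*.xn--ijanec-9jb.org' -d '*.xn--ijanec-9jb.net' \
  -d '*.xn--ijanec-9jb.si' -d '*.xn--ijanec-9jb.com' \
  -d gimb.tk -d '*.gimb.tk' \
  -d xn--jha.ga -d '*.xn--jha.ga'
# more interesting info:
# https://certbot-dns-rfc2136.readthedocs.io/en/stable/ (per-domain setup required, no CNAMEs)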