Julian Rother 5ef7d7ddb4
Bookworm compatibility
New PowerDNS versions enable the newly introduced zone caching per default.
With zone caching enabled, PowerDNS refuses to start if any configured
backend does not support zone caching. This disables zone caching while
maintaining compatibility with Debian Bullseye.
2023-10-17 23:45:28 +02:00

PowerDNS - Letsencrypt

This role extends the PowerDNS role with another backend to handle Letsencrypt challenges.

operation

We register a PowerDNS pipe backend and deploy a Python script to serve it. The script is stored at /usr/local/bin/pdns.py and only handles queries whose name matches the regex ^_acme-challenge\. (all other queries are left to the other backends). It can also be called directly as pdns.py add_challenge <dns entry> <value> to add a challenge, for example pdns.py add_challenge "_acme-challenge.example.com" "R8aa0mt6cnCVLF6RHsSNxmDBzJffNCK6". Challenges older than two days are removed whenever a new entry is added. Adding challenges can be automated using tokens (see pdns.py --help) together with ssh forced commands, so that a remote ACME client can only add challenges and nothing else.
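The following is an added example that is not the role's own pdns.py: it shows the shape of such a pipe backend, answering only _acme-challenge TXT queries from a SQLite table and pruning entries older than two days when a new one is added. It assumes PowerDNS pipe backend ABI version 1 (tab-separated HELO/Q lines in, DATA/END lines out), a TTL of 60 seconds, and an in-memory database by default; the table name and the banner string are the example's own choices.

```python
import re
import sqlite3
import sys
import time

# Added example, not the role's pdns.py. Mirrors the README's design: only
# _acme-challenge names are served, everything else is left to other backends.
CHALLENGE_RE = re.compile(r"^_acme-challenge\.", re.IGNORECASE)
MAX_AGE = 2 * 24 * 3600  # challenges older than two days are dropped
TTL = 60                 # assumption: short TTL so stale records do not linger


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS challenges "
                 "(name TEXT, value TEXT, added INTEGER)")
    return conn


def add_challenge(conn, name, value, now=None):
    """Store one challenge and prune entries older than MAX_AGE."""
    now = int(time.time()) if now is None else now
    if not CHALLENGE_RE.match(name):
        raise ValueError("only _acme-challenge names are accepted")
    conn.execute("DELETE FROM challenges WHERE added < ?", (now - MAX_AGE,))
    conn.execute("INSERT INTO challenges VALUES (?, ?, ?)",
                 (name.lower(), value, now))
    conn.commit()


def handle_line(conn, line):
    """Answer one pipe-backend request line; returns the reply lines."""
    fields = line.rstrip("\n").split("\t")
    if fields[0] == "HELO":
        return ["OK\tletsencrypt pipe backend"] if fields[1] == "1" else ["FAIL"]
    if fields[0] != "Q" or len(fields) < 6:
        return ["END"]  # unknown request type (e.g. AXFR): nothing to serve
    qname, qclass, qtype, qid = fields[1], fields[2], fields[3], fields[4]
    if not CHALLENGE_RE.match(qname) or qtype not in ("TXT", "ANY"):
        return ["END"]  # not ours: other backends answer this name
    rows = conn.execute("SELECT value FROM challenges WHERE name = ?",
                        (qname.lower(),)).fetchall()
    return [f'DATA\t{qname}\t{qclass}\tTXT\t{TTL}\t{qid}\t"{v}"'
            for (v,) in rows] + ["END"]


if __name__ == "__main__":
    db = open_db()
    for raw in sys.stdin:  # PowerDNS talks to the backend over stdin/stdout
        print("\n".join(handle_line(db, raw)), flush=True)
```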

parameters

All configuration is placed inside the powerdns dict, in a nested dict called letsencrypthandler.

# path to save the internally used sqlite database to
dbpath: '/var/lib/powerdns/letsencrypt/challenges.sqlite'