infra/ansible-role-powerdns-letsencrypt
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add token support to script to support ssh forced commands with tokens

Browse source
This commit is contained in:
nd 2020-06-27 04:54:17 +02:00
parent cd1e83b833
commit 7dcf71c3ab
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
4 changed files with 108 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

7
README.md
View file

@ -1,13 +1,14 @@
# PowerDNS - Letsencrypt
This role extends the PowerDNS role with another backend to handle Letsencrypt challanges.
This role extends the PowerDNS role with another backend to handle Letsencrypt challenges.
## operation
We register a [PowerDNS pipe backend](https://doc.powerdns.com/authoritative/backends/pipe.html) and deploy a python script to serve it.
The script is stored at `/usr/local/bin/pdns.py`. This script processes queries matching the regex `^_acme-challenge\\.`.
It can also be called directly with `pdns.py <dns entry> <value>` to add challanges, for example `pdns.py "_acme-challenge.example.com" "R8aa0mt6cnCVLF6RHsSNxmDBzJffNCK6"`
Challanges older than two days are removed when a new entry is added.
It can also be called directly with `pdns.py add_challenge <dns entry> <value>` to add challenges, for example `pdns.py add_challenge "_acme-challenge.example.com" "R8aa0mt6cnCVLF6RHsSNxmDBzJffNCK6"`
Challenges older than two days are removed when a new entry is added.
This can be automated using tokens (see `pdns.py --help`) and ssh forced commands.
## parameters