infra/ansible-role-powerdns-letsencrypt
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added README

Browse source
This commit is contained in:
nd 2020-05-16 12:39:03 +02:00
parent b738896882
commit cd1e83b833
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
1 changed files with 19 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
README.md Normal file
View file

@ -0,0 +1,19 @@
# PowerDNS - Letsencrypt
This role extends the PowerDNS role with another backend to handle Letsencrypt challanges.
## operation
We register a [PowerDNS pipe backend](https://doc.powerdns.com/authoritative/backends/pipe.html) and deploy a python script to serve it.
The script is stored at `/usr/local/bin/pdns.py`. This script processes queries matching the regex `^_acme-challenge\\.`.
It can also be called directly with `pdns.py <dns entry> <value>` to add challanges, for example `pdns.py "_acme-challenge.example.com" "R8aa0mt6cnCVLF6RHsSNxmDBzJffNCK6"`
Challanges older than two days are removed when a new entry is added.
## parameters
All config is to be placed inside the `powerdns` dict in another dict called `letsencrypthandler`
```
# path to save the internaly used sqlite database to
dbpath: '/var/lib/powerdns/letsencrypt/challenges.sqlite'
```