defaults Initial commit 2019-09-30 01:46:14 +02:00
meta Initial commit 2019-09-30 01:46:14 +02:00
tasks ensure db is created 2020-07-04 12:11:40 +02:00
templates add token support to script to support ssh forced commands with tokens 2020-06-27 04:54:17 +02:00
vars add token support to script to support ssh forced commands with tokens 2020-06-27 04:54:17 +02:00
README.md add token support to script to support ssh forced commands with tokens 2020-06-27 04:54:17 +02:00

PowerDNS - Letsencrypt

This role extends the PowerDNS role with another backend to handle Letsencrypt challenges.

operation

We register a PowerDNS pipe backend and deploy a Python script to serve it. The script is stored at /usr/local/bin/pdns.py and processes queries matching the regex ^_acme-challenge\\.. It can also be called directly as pdns.py add_challenge <dns entry> <value> to add challenges, for example:

pdns.py add_challenge "_acme-challenge.example.com" "R8aa0mt6cnCVLF6RHsSNxmDBzJffNCK6"

Challenges older than two days are removed when a new entry is added. Adding challenges can be automated using tokens (see pdns.py --help) and SSH forced commands.
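How a backend of this kind can answer PowerDNS pipe-backend requests (ABI version 1) from an SQLite challenge store, as an added example that is not this role's pdns.py. The table schema, function names, TTL and the check on the challenge value are assumptions.

```python
import re
import sqlite3
import time

# Assumed names and schema; the role's real pdns.py may differ.
CHALLENGE_RE = re.compile(r"^_acme-challenge\.", re.IGNORECASE)
MAX_AGE = 2 * 24 * 3600  # challenges older than two days are purged on add
TTL = 60                 # assumed TTL for the served TXT records


def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS challenges"
               " (name TEXT, value TEXT, created INTEGER)")
    return db


def add_challenge(db, name, value, now=None):
    now = int(time.time()) if now is None else now
    if not CHALLENGE_RE.match(name):
        raise ValueError("only _acme-challenge names are accepted")
    # Assumed check: base64url characters only, so a value can never carry
    # tabs, quotes or newlines into a pipe-protocol DATA line.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", value):
        raise ValueError("value is not a base64url token")
    db.execute("DELETE FROM challenges WHERE created < ?", (now - MAX_AGE,))
    db.execute("INSERT INTO challenges VALUES (?, ?, ?)",
               (name.lower().rstrip("."), value, now))
    db.commit()


def handle_line(db, line):
    """Return the reply lines for one tab-separated pipe-backend request."""
    parts = line.rstrip("\n").split("\t")
    if parts[0] == "HELO":  # handshake: PowerDNS announces the ABI version
        return ["OK\tacme challenge backend"] if parts[1:] == ["1"] else ["FAIL"]
    if parts[0] != "Q" or len(parts) < 6:
        return ["FAIL"]
    _, qname, qclass, qtype, qid, _remote = parts[:6]
    out = []
    if CHALLENGE_RE.match(qname) and qtype in ("TXT", "ANY"):
        rows = db.execute("SELECT value FROM challenges WHERE name = ?",
                          (qname.lower().rstrip("."),))
        out = [f'DATA\t{qname}\t{qclass}\tTXT\t{TTL}\t{qid}\t"{v}"'
               for (v,) in rows]
    return out + ["END"]  # every query is closed with END, even with no data
```
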

parameters

All configuration goes in a dict called letsencrypthandler, nested inside the powerdns dict:

# path to save the internally used SQLite database to
dbpath: '/var/lib/powerdns/letsencrypt/challenges.sqlite'