acme-dns | Limited DNS server with RESTful HTTP API | DNS library
kandi X-RAY | acme-dns Summary
Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
Community Discussions
Trending Discussions on acme-dns
QUESTION
I am trying to cross compile https://github.com/joohoi/acme-dns for an aarch64 machine on my x86_64 desktop.
...
ANSWER
Answered 2021-Sep-15 at 19:38
Problem reproduced, and resolved by replacing -ldflags="-extld=$CC" with -ldflags="-extld=aarch64-linux-gnu-gcc".
Alternatively, you can also export the CC variable beforehand.
The error output was caused by a mismatching linker (with your original build command, it was still the x86-64 linker that got invoked).
Tested on two hosts of mine: one Ubuntu 20.04 + go1.13, the other Ubuntu 18.04 + go1.16.
More explanations:
Seems that the in-line CC env variable setting is passed to the go tool, but not used in the shell's parameter substitution. The following output (Bash 5.0) demonstrates this:
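The behaviour described in the answer above, as an added example that is not part of the original answer or its missing output: the shell expands "$CC" before the inline assignment takes effect, so the flag is empty unless CC is exported first. The function names are illustrative, and printf stands in for the go build command.

```shell
#!/bin/sh
# Constructed demonstration: printf stands in for "go build", so neither Go
# nor a cross toolchain is needed. Function names are illustrative.
unset CC   # start as on a desktop where CC is not set

# Inline assignment: "$CC" is expanded while the argument list is built,
# before CC=... is applied, so the linker flag comes out empty.
inline_expansion() {
    CC=aarch64-linux-gnu-gcc printf '%s' "-extld=$CC"
}

# The same inline assignment does reach the child's environment, which is
# why the go tool itself still sees CC.
inline_child_env() {
    CC=aarch64-linux-gnu-gcc sh -c 'printf "%s" "$CC"'
}

# Exporting beforehand (in a subshell here, so it does not leak) makes the
# value available to the expansion as well.
exported_expansion() {
    (
        export CC=aarch64-linux-gnu-gcc
        printf '%s' "-extld=$CC"
    )
}

printf 'inline flag:   [%s]\n' "$(inline_expansion)"
printf 'child env CC:  [%s]\n' "$(inline_child_env)"
printf 'exported flag: [%s]\n' "$(exported_expansion)"
```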
QUESTION
I am following this doc https://doc.traefik.io/traefik/user-guides/docker-compose/acme-dns/ to set up Docker Traefik using the DNS ACME challenge for Let's Encrypt.
I am able to have the certs generated by each service that requests it dynamically, and in the logs it shows
...
ANSWER
Answered 2021-Aug-10 at 15:28
All the configurations are correct; the only issue was to switch away from the staging servers to test it live.
Commented the following lines in the traefik_docker_compose.yaml file
QUESTION
I'm currently using Traefik and Lego in order to have HTTPS connections for my docker containers (as mentioned here). In the following documentation, it's mentioned that I need to use the following provider to do the DNS challenge.
But I get this error:
...
ANSWER
Answered 2021-Jun-27 at 20:14
The error message tells that Lego made the request using the IAM role assigned to your lightsail instance. I guess your instance lacks permissions to modify DNS settings for lightsail.
You should create a new user in AWS IAM and enable programmatic access in order to obtain AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
Then, pass those values as environment variables to your containers running Lego. Lego will use those env vars to authenticate with Lightsail APIs in us-east-1. [1]
My instance's region is eu-west-3 (I tried changing the region in Lego config, doesn't work)
Your Lego instance must call AWS APIs in us-east-1, see [2][3].
Lego and Traefik do not call the AssumeRole directly and do not create the temporary token
I guess Traefik/Lego assume the lightsail instance role automatically using EC2 instance metadata service, see [4]:
For applications, AWS CLI, and Tools for Windows PowerShell commands that run on the instance, you do not have to explicitly get the temporary security credentials—the AWS SDKs, AWS CLI, and Tools for Windows PowerShell automatically get the credentials from the EC2 instance metadata service and use them. To make a call outside of the instance using temporary security credentials (for example, to test IAM policies), you must provide the access key, secret key, and the session token.
I'm using AWS_ACCESS_KEY_ID_FILE and AWS_SECRET_ACCESS_KEY_FILE in Traefik environment configuration.
I could not find those env vars in the Lego source code [1]. Make sure that Lego is actually using your configured AWS credentials. The error message posted above suggests it's not using them and falls back to the instance profile instead.
[1] https://github.com/go-acme/lego/blob/master/providers/dns/lightsail/lightsail.go#L81
[2] https://docs.aws.amazon.com/cli/latest/reference/lightsail/create-domain-entry.html#examples
[3] https://github.com/go-acme/lego/blob/master/providers/dns/lightsail/lightsail.go#L69
[4] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install acme-dns
Install Go 1.13 or newer.
Build acme-dns:
Move the built acme-dns binary to a directory in your $PATH, for example: sudo mv acme-dns /usr/local/bin
Edit config.cfg to suit your needs (see configuration). acme-dns will read the configuration file from /etc/acme-dns/config.cfg or ./config.cfg, or a location specified with the -c flag.
If your system has systemd, you can optionally install acme-dns as a service so that it will start on boot and be tracked by systemd. This also allows us to add the CAP_NET_BIND_SERVICE capability so that acme-dns can be run by a user other than root.
Make sure that you have moved the configuration file to /etc/acme-dns/config.cfg so that acme-dns can access it globally.
Move the acme-dns executable from ~/go/bin/acme-dns to /usr/local/bin/acme-dns (any location will work, just be sure to change acme-dns.service to match).
Create a minimal acme-dns user: sudo adduser --system --gecos "acme-dns Service" --disabled-password --group --home /var/lib/acme-dns acme-dns
Move the systemd service unit from acme-dns.service to /etc/systemd/system/acme-dns.service.
Reload systemd units: sudo systemctl daemon-reload
Enable acme-dns on boot: sudo systemctl enable acme-dns.service
Run acme-dns: sudo systemctl start acme-dns.service
If you did not install the systemd service, run acme-dns. Please note that acme-dns needs to open a privileged port (53, domain), so it needs to be run with elevated privileges.
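One way to check an installed unit file for the non-root setup described above (a dedicated user plus CAP_NET_BIND_SERVICE for port 53). This is an added example, not the project's acme-dns.service or tooling; the audit_unit function, the finding strings and both sample units are constructed for illustration.

```shell
#!/bin/sh
# Simplified parse: reads only User= and AmbientCapabilities= lines and
# ignores drop-ins and the empty-assignment reset that systemd supports.
audit_unit() {
    unit=$1
    # The last User= wins; AmbientCapabilities= lines are merged.
    user=$(sed -n 's/^User[[:space:]]*=[[:space:]]*//p' "$unit" | tail -n 1)
    caps=$(sed -n 's/^AmbientCapabilities[[:space:]]*=[[:space:]]*//p' "$unit" | tr '\n' ' ')

    # No User= in a system unit means the service runs as root.
    case $user in
        ''|root|0) echo "runs-as-root" ;;
    esac
    # Without this capability a non-root process cannot bind port 53.
    case " $caps " in
        *' CAP_NET_BIND_SERVICE '*) ;;
        *) echo "missing-CAP_NET_BIND_SERVICE" ;;
    esac
    # Anything beyond the one capability needed for port 53 is excess.
    for cap in $caps; do
        [ "$cap" = CAP_NET_BIND_SERVICE ] || echo "excess-capability:$cap"
    done
    return 0
}

# Constructed sample units (not the project's shipped acme-dns.service).
sample_dir=$(mktemp -d)
cat > "$sample_dir/good.service" <<'EOF'
[Service]
User=acme-dns
Group=acme-dns
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/usr/local/bin/acme-dns
EOF
cat > "$sample_dir/weak.service" <<'EOF'
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
ExecStart=/usr/local/bin/acme-dns
EOF

for f in "$sample_dir"/*.service; do
    printf '%s: %s\n' "${f##*/}" "$(audit_unit "$f" | tr '\n' ' ')"
done
```

An empty findings list for a unit means it runs as a dedicated user with only the capability needed to bind the DNS port.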