Diffstat (limited to '_posts/rfc2136.md')
-rw-r--r--_posts/rfc2136.md29
1 files changed, 29 insertions, 0 deletions
diff --git a/_posts/rfc2136.md b/_posts/rfc2136.md
new file mode 100644
index 0000000..d8d5190
--- /dev/null
+++ b/_posts/rfc2136.md
@@ -0,0 +1,29 @@
+# dyndns setup http://www.btteknik.net/?p=143
+ddns-confgen -s rfc2136.sijanec.eu.
+# http://www.ipamworldwide.com/ipam/update-policy.html
+vim /etc/bind/named.conf.local # here goes the update policy, change name to subdomain
+touch /etc/bind/keyfile.conf
+chmod 0660 /etc/bind/keyfile.conf
+vim /etc/bind/keyfile.conf # here goes the key
+# hook script https://blog.danman.eu/automatic-letsencrypt-wildcard-cert-renewal-with-nsupdate/
+vim /etc/letsencrypt/hook.sh
+ #!/bin/bash
+ CREATE_DOMAIN="certbot.rfc2136.sijanec.eu."
+ echo "
+ server 127.0.0.1
+ update delete $CREATE_DOMAIN TXT
+ update add $CREATE_DOMAIN 1 TXT $CERTBOT_VALIDATION
+ send
+ " | nsupdate -k /etc/bind/keyfile.conf
+ if [ $CERTBOT_REMAINING_CHALLENGES -eq 0 ]
+ then
+ echo done, reloading server and waiting 30 seconds
+ rndc reload
+ sleep 30
+ fi
+chmod +x /etc/letsencrypt/hook.sh
+# v domenske zapise vseh domen je treba dodati:
+# _acme-challenge IN CNAME certbot.rfc2136.sijanec.eu.
+certbot certonly --reuse-key --manual --register-unsafely-without-email --preferred-challenges dns --manual-auth-hook /etc/letsencrypt/hook.sh -d sijanec.eu -d sijanec.org -d sijanec.net -d xn--ijanec-9jb.eu -d xn--ijanec-9jb.org -d xn--ijanec-9jb.net -d xn--ijanec-9jb.si -d xn--ijanec-9jb.com -d *.sijanec.eu -d *.sijanec.org -d *.sijanec.net -d *.xn--ijanec-9jb.eu -d *.xn--ijanec-9jb.org -d *.xn--ijanec-9jb.net -d *.xn--ijanec-9jb.si -d *.xn--ijanec-9jb.com -d gimb.tk -d *.gimb.tk -d xn--jha.ga -d *.xn--jha.ga
+# more interesting info:
+# https://certbot-dns-rfc2136.readthedocs.io/en/stable/ (per-domain setup required, no CNAMEs)
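Review bot: The TSIG key file is left group-writable and with whatever owner `touch` gave it (`touch /etc/bind/keyfile.conf` followed by `chmod 0660`), even though this key authorises the dynamic updates that answer the ACME challenge for every name in the certbot command. Anyone in the file's group could replace or read the key, so the server only needs read access: `install -m 0640 -o root -g bind /dev/null /etc/bind/keyfile.conf` creates it with the final owner and mode in one step (the `bind` group is assumed from the `/etc/bind` layout; use the account named actually runs as). It is also worth a comment next to the `named.conf.local` step saying that the update policy should grant this key only the TXT record at `certbot.rfc2136.sijanec.eu.`, not the whole zone. In the hook, the unquoted test fails with a syntax error when the variable is unset; `if [ "${CERTBOT_REMAINING_CHALLENGES:-1}" -eq 0 ]` keeps the same outcome without the error, and the `-d *.…` arguments should be quoted (`-d '*.sijanec.eu'`) so the shell cannot expand them against files in the current directory.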