dvtirol / serles-acme

Pluggable ACME: a tiny ACME-CA implementation to enhance existing CA infrastructure
https://serles-acme.readthedocs.io/
GNU General Public License v3.0
46 stars 10 forks

Implement DNS-01 challenge #9

Closed syberalexis closed 2 weeks ago

syberalexis commented 3 weeks ago

Add implementation for DNS-01 challenge and enable it
Add pytests for the new implementation

Refer to #8

uedvt359 commented 2 weeks ago

I have installed your branch on one of our development machines and successfully generated a certificate using it! This makes me very happy :)

[root@someserver ~]# REQUESTS_CA_BUNDLE=/etc/pki/tls/cert.pem /usr/bin/certbot certonly --config /etc/letsencrypt/cli-rzapi-someserver.ini --force-renewal  --manual --preferred-challenges dns -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate for someserver.example.com
Performing the following challenges:
dns-01 challenge for someserver.example.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.someserver.example.com.

with the following value:

nfTaYBNG7Dj6BB470-_o808wAMRvzIa3ssE1gR1xx48

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.someserver.example.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/someserver.example.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/someserver.example.com/privkey.pem
This certificate expires on 2025-02-03.
These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@someserver ~]# cat /etc/letsencrypt/cli-rzapi-someserver.ini
server = https://serles.example.com:8443/directory
domains = someserver.example.com
register-unsafely-without-email = True
keep-until-expiring = True
agree-tos = True
key-type = rsa
rsa-key-size = 4096
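
The session above shows the client side of DNS-01: certbot prints the TXT value it wants published. What the CA side has to do is recompute that value from the order's token and the account key and compare it with what DNS actually returns. The following is an added example of that check, not serles-acme's own code; the JWK, token and in-memory resolver are constructed stand-ins.

```python
import base64
import hashlib
import json
from typing import Callable, Iterable

# Constructed sample inputs (NOT real key material). A CA takes the JWK from the
# ACME account that created the order and the token from its own stored authorization.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "dummy-modulus-for-illustration-only"}
SAMPLE_TOKEN = "constructed-token-real-ones-need-at-least-128-bits-of-entropy"


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME uses throughout (RFC 8555 s6)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 of the required members only, keys sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def expected_txt_value(token: str, jwk: dict) -> str:
    """DNS-01 (RFC 8555 s8.4): TXT = base64url(SHA-256(token "." thumbprint)).
    Only this digest is published, never the key authorization string itself."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def validate_dns01(domain: str, token: str, jwk: dict,
                   resolve_txt: Callable[[str], Iterable[str]]) -> bool:
    """CA-side check of one authorization. `resolve_txt` is an injected TXT lookup
    (hypothetical) so the logic can be unit-tested without touching the network."""
    name = f"_acme-challenge.{domain.rstrip('.')}."
    want = expected_txt_value(token, jwk)
    # Exact match only: extra TXT records are fine, a truncated or re-padded value is not.
    return any(value == want for value in resolve_txt(name))


def fake_resolver(records: dict) -> Callable[[str], Iterable[str]]:
    """Constructed in-memory stand-in for a DNS TXT lookup, keyed by FQDN."""
    return lambda name: records.get(name, [])


if __name__ == "__main__":
    want = expected_txt_value(SAMPLE_TOKEN, SAMPLE_JWK)
    lookup = fake_resolver({"_acme-challenge.someserver.example.com.": ["unrelated", want]})
    print("publish:", want)
    print("valid:", validate_dns01("someserver.example.com", SAMPLE_TOKEN, SAMPLE_JWK, lookup))
```

A real lookup should query the zone's authoritative nameservers rather than a caching resolver, so a stale or poisoned cache cannot satisfy the check.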

uedvt359 commented 2 weeks ago

Thanks, great work!

syberalexis commented 2 weeks ago

Thank you for corrections and help :)