Open saudiqbal opened 3 years ago
The standard /register/ endpoint doesn't actually know your domain, so currently you couldn't whitelist domains in standard acme-dns.
If the objective is to limit registrations to certain authorised users:
You can however run a proxy (any web server or proxying service) in front of the API and require basic authentication, like https://user:password@your-acme-dns.server/register - that does depend on the acme-dns client being compatible though as it then has to convert those into an Authorization: Basic <base64credentials> http header. Some do this automatically.
Another alternative is to put a key in the URL https://your-acme-dns.server/ABC123KEY/register
Thanks, I like the idea of using a key in the URL. Can you explain where I set the value ABC123KEY? I cannot find any documentation on where to set it.
It would be nice to set a variable in config to define a key in the URL $key as https://your-acme-dns.server/$key/register
Either use a firewall rule to whitelist access to acme-dns or use a reverse proxy to enforce basic auth on the /register endpoint, like @webprofusion-chrisc suggested. We've been successfully using the firewall approach for years.
Your suggestion to make the registration endpoint configurable complicates the manual, adds maintenance burden and is less secure than the two already supported measures I listed. The PR you are asking the maintainers to merge is lacking test cases for the proposed changes and doesn't update the manual either.
If you're concerned about scans, I'd suggest you set up a firewall or an nginx reverse proxy to protect your acme-dns instance. I'm confident that anyone could have learned how to do that in the almost 3 years you've been commenting about this on various issue threads.
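For reference, here is what the reverse-proxy approach described in the two comments above looks like in practice. This is an added example nginx configuration, not part of the acme-dns project or its documentation. It assumes the acme-dns HTTP API has been configured to listen on 127.0.0.1:8080 without TLS (so nginx terminates TLS), that an htpasswd file exists at /etc/nginx/acme-dns.htpasswd, and it uses placeholder certificate paths and the hostname from the thread. The /register endpoint is gated by both a source-IP allowlist and basic auth, /update and /health are passed through untouched (acme-dns validates X-Api-User / X-Api-Key on /update itself), and the key-in-path variant is shown as a commented-out alternative, since the key is not an acme-dns setting but a path the proxy rewrites.

```nginx
# Added example: nginx reverse proxy in front of the acme-dns HTTP API.
# Assumptions (not from the project docs): acme-dns API on 127.0.0.1:8080 (plain HTTP),
# htpasswd file at /etc/nginx/acme-dns.htpasswd, placeholder certificate paths below.
upstream acme_dns_api {
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl;
    server_name your-acme-dns.server;                     # placeholder hostname from the thread
    ssl_certificate     /etc/nginx/certs/acme-dns.crt;    # placeholder path
    ssl_certificate_key /etc/nginx/certs/acme-dns.key;    # placeholder path

    # Registration: caller must come from an allowlisted source range AND present
    # valid basic-auth credentials. "satisfy all" requires both checks to pass;
    # change to "satisfy any" if either check alone should be sufficient.
    location = /register {
        satisfy all;
        allow 203.0.113.0/24;                             # constructed example range (RFC 5737)
        deny  all;
        auth_basic           "acme-dns registration";
        auth_basic_user_file /etc/nginx/acme-dns.htpasswd;
        proxy_pass http://acme_dns_api;
    }

    # Alternative from the thread: a shared secret in the URL path. The secret is
    # enforced here in the proxy, which rewrites the path to /register upstream;
    # acme-dns itself never sees the key. If you enable this block, do not also
    # expose the bare /register location above, or the key adds nothing.
    # location = /ABC123KEY/register {
    #     proxy_pass http://acme_dns_api/register;
    # }

    # Updates stay open to the network: each request carries X-Api-User and
    # X-Api-Key headers that acme-dns validates itself, so no proxy-level auth here.
    location = /update {
        proxy_pass http://acme_dns_api;
    }

    # Unauthenticated health check, useful for monitoring.
    location = /health {
        proxy_pass http://acme_dns_api;
    }

    # Anything else (scanners probing for other paths) is refused.
    location / {
        return 404;
    }
}
```

The htpasswd file can be created with the htpasswd tool from the Apache utilities package (for example `htpasswd -c /etc/nginx/acme-dns.htpasswd registrar`). Because acme-dns only needs to be reachable on /register during initial client setup, the allowlist can be as narrow as the host that performs registrations; ongoing certificate renewals only use /update. The firewall-only approach the maintainer mentions is the same idea applied at the network layer: block the API port from the internet entirely and register from inside the trusted network.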
Is it possible to only register domains that are on a whitelist? Like
whitelist_domain = ["domain.com", "domain.org"]