Client implementations

[joohoi]

Acme-dns needs client implementations for clients in order to be useful. If you have written a client implementation, please let me know, and I'll add a link to it to the README.md for people to find and use.

Currently the only publicly available client implementation that I know of is a Certbot authentication hook that can be found at: https://github.com/joohoi/acme-dns-certbot . This can be used as a reference for ways to handle the credential storage and communication towards acme-dns instance.

[MrBMT]

I didn't make it, but there's also another Certbot hook written in Go: https://github.com/koesie10/acme-dns-certbot-hook

I found and used this to generate my first LE Wildcard certs, as it was before you'd created your hook.

[joohoi]

~Thanks! I'll add it to the list.~ Done.

[danb35]

acme.sh appears to work with acme-dns; its instructions are near the bottom of the page at https://github.com/Neilpang/acme.sh/blob/master/dnsapi/README.md.

[joohoi]

Awesome news! I'll add a link to the docs.

[Ajedi32]

Not sure if this counts as a separate client or not, but pfSense supports it via the ACME plugin's integration with ACME.sh:

[joohoi]

pfSense supports it via the ACME plugin's integration with ACME.sh

This is cool! Could probably list it under a section of "Other" or similar.

In general though, I feel that the acme.sh client implementation is somewhat lacking, as it expects a single set of acme-dns credentials for the entire certificate instead of credentials per domain. This approach has caveats that we went into detail in discussion here.

This isn't an issue in typical pfSense installation, but I hope it would get fixed in acme.sh, although the acme.sh architecture might make it hard. acme-dns is a different beast than typical DNS APIs.

[viralpoetry]

Hi, there is now also ACME-DNS DNS Authenticator plugin for Certbot https://github.com/pan-net-security/certbot-dns-acmedns