telekom-mms / ansible-collection-acme

An Ansible collection for issuing certificates via the ACME protocol.
GNU General Public License v3.0

Lookup ZoneID and fix challenge record format. #53

Closed smapjb closed 3 years ago

smapjb commented 3 years ago

I had to make some adjustments to get this to work for Hetzner DNS. To add a record you need a zone ID, and the ACME challenge TXT records need to include the subdomain. If you have a wildcard, this needs to be stripped also. Similar to your Azure module.
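To make the two adjustments described above concrete (look up the zone ID, then build the `_acme-challenge` TXT record name relative to that zone with any `*.` prefix removed), here is an added example in plain Python. It is not code from the collection or from this PR; the zone list is a constructed sample in the shape of a zone listing with placeholder IDs, and no API call is made.

```python
"""Resolve the DNS zone ID and the zone-relative ACME dns-01 TXT record name.

Added example, not part of ansible-collection-acme. SAMPLE_ZONES is a
constructed stand-in for a Hetzner DNS zone listing; IDs are placeholders.
"""

# Constructed sample of a zone listing (id/name pairs); IDs are made up.
SAMPLE_ZONES = [
    {"id": "ZONE_ID_PLACEHOLDER_1", "name": "example.com"},
    {"id": "ZONE_ID_PLACEHOLDER_2", "name": "corp.example.com"},
    {"id": "ZONE_ID_PLACEHOLDER_3", "name": "example.org"},
]


def strip_wildcard(domain: str) -> str:
    """A wildcard for *.example.com is validated on example.com itself, so the
    challenge record lives at _acme-challenge.example.com: drop the '*.'."""
    name = domain.rstrip(".").lower()
    return name[2:] if name.startswith("*.") else name


def find_zone(domain: str, zones: list) -> dict:
    """Pick the zone whose name is the longest suffix of the de-wildcarded
    domain, so corp.example.com beats example.com for host.corp.example.com."""
    name = strip_wildcard(domain)
    best, best_len = None, -1
    for zone in zones:
        zname = zone["name"].rstrip(".").lower()
        if (name == zname or name.endswith("." + zname)) and len(zname) > best_len:
            best, best_len = zone, len(zname)
    if best is None:
        raise LookupError(f"no zone found for {domain}")
    return best


def challenge_record(domain: str, zones: list) -> tuple:
    """Return (zone_id, record_name) for the dns-01 TXT record.

    The record name is relative to the zone, which is what the PR describes
    the provider needing: '_acme-challenge' when the validated name is the
    zone apex, '_acme-challenge.<sub>' for anything below it.
    """
    zone = find_zone(domain, zones)
    name = strip_wildcard(domain)
    zname = zone["name"].rstrip(".").lower()
    sub = name[: len(name) - len(zname)].rstrip(".")  # labels below the zone
    record = f"_acme-challenge.{sub}" if sub else "_acme-challenge"
    return zone["id"], record
```

The apex case and the unknown-domain `LookupError` are the two failure modes worth keeping in view: forgetting the first yields a record named `_acme-challenge.` with a dangling subdomain, and the second should abort the run rather than create a record in the wrong zone.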

avalor1 commented 3 years ago

Hi @smapjb, thank you for raising this pull request. This looks good to me. I can't test it myself as I do not have an account for the Hetzner DNS, but I'm sure you did, right?

smapjb commented 3 years ago

> Hi @smapjb, thank you for raising this pull request. This looks good to me. I can't test it myself as I do not have an account for the Hetzner DNS, but I'm sure you did, right?

Yes, I trawled the Hetzner API with Postman, and with these changes I can successfully get new certs from staging and prod Let's Encrypt. Once you take this PR I will be able to auto-renew my k8s certs on my cluster. FYI https://github.com/smapjb/ocp_certs

Also, Hetzner's DNS service is free, which is why I moved my domains there.

rndmh3ro commented 3 years ago

> Also, Hetzner's DNS service is free, which is why I moved my domains there.

TIL!

Let's see if we can get a (free) domain and use Hetzner's DNS service to test this part of the collection.

smapjb commented 3 years ago

> Let's see if we can get a (free) domain and use Hetzner's DNS service to test this part of the collection.

Just to be clear, I'm not sure you can get a domain for free. But if you point your domain to the Hetzner nameservers, their DNS service, i.e. token-based access to their DNS API, is free. I have not paid Hetzner anything, but I paid for my domains elsewhere.

rndmh3ro commented 3 years ago

> Just to be clear, I'm not sure you can get a domain for free.

Yes, that was clear. :) Getting a free domain should be doable, else paying some euros per year is feasible, too.

> But if you point your domain to the Hetzner nameservers, their DNS service, i.e. token-based access to their DNS API, is free. I have not paid Hetzner anything, but I paid for my domains elsewhere.

I'm doing that now, too! Previously I used Route 53, which isn't free.

avalor1 commented 3 years ago

Quite interesting. Thanks for the tip! Will try it in the next few days :)