yyyar / gobetween

:cloud: Modern & minimalistic load balancer for the Cloud era
http://gobetween.io

Only acme challenge type of http-01 is supported, config examples reference both sni and dns #292

Open TomVnz opened 3 years ago

TomVnz commented 3 years ago

http://gobetween.io/documentation.html#Protocols

```toml
[acme]              # (optional)
challenge = "http"  # (optional) http | sni | dns
```

The info here suggests this can be done, just not sure how - e.g. with Cloudflare or another DNS provider. How can I set an access token to enable DNS ACME verification?

Any help appreciated, thanks!

nickdoikov commented 3 years ago

I'm not sure that it is possible. External DNS providers that manage zones work via different APIs, and some of them do not provide an API at all, so there's no unified way to do this.

TomVnz commented 3 years ago

I've had some more time to look through the source - src/service/acme.go - and it looks like only http-01 is supported, but as the challenge value within the config file isn't validated, no sensible log information is outputted to say so.

Then looking further, it seems the package you use - autocert - doesn't actually support DNS-01 verification (see issue 23198). So you'd have to switch gobetween to something that does, e.g. one of acmez / lego with certmagic.
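
The missing validation described in this thread, sketched as an added example (not code from gobetween or from any commenter): a load-time check that rejects a documented-but-unimplemented `challenge` value with a clear error instead of silently proceeding with http-01. `ACMEConfig`, `ValidateACME` and the default for an empty value are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// ACMEConfig is a hypothetical stand-in for the [acme] config section;
// it is not gobetween's actual struct.
type ACMEConfig struct {
	Challenge string // value of `challenge` from the config file
}

// documented maps each value named in the documentation comment to whether
// it is implemented. Per the thread, only "http" (http-01) is.
var documented = map[string]bool{"http": true, "sni": false, "dns": false}

// ValidateACME normalises the challenge value and fails fast with a
// descriptive error, so the operator learns at startup that the requested
// challenge type will not be used.
func ValidateACME(c *ACMEConfig) error {
	v := strings.ToLower(strings.TrimSpace(c.Challenge))
	if v == "" {
		v = "http" // assumption: an omitted optional value means http
	}
	implemented, known := documented[v]
	switch {
	case !known:
		return fmt.Errorf("acme: unknown challenge %q (expected http)", c.Challenge)
	case !implemented:
		return fmt.Errorf("acme: challenge %q is documented but not implemented; only http (http-01) is supported", v)
	}
	c.Challenge = v
	return nil
}

func main() {
	// Constructed sample inputs, not taken from a real config file.
	for _, in := range []string{"", "HTTP", "dns", "sni", "tls-alpn"} {
		cfg := ACMEConfig{Challenge: in}
		if err := ValidateACME(&cfg); err != nil {
			fmt.Println("config rejected:", err)
			continue
		}
		fmt.Printf("challenge %q accepted as %q\n", in, cfg.Challenge)
	}
}
```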