Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate dynu.com that also support ACME #1315

Closed
frennkie opened this issue Jul 5, 2020 · 6 comments
Closed

Integrate dynu.com that also support ACME #1315

frennkie opened this issue Jul 5, 2020 · 6 comments
Milestone
1.6.1 Release

Comments

@frennkie
Copy link
Contributor

frennkie commented Jul 5, 2020
edited
Loading

There are at least two (free) services that offer DynDNS like features which seem to support ACME:

Works:

In testing:

Ruled out:
@rootzoll
Copy link
Collaborator

rootzoll commented Jul 5, 2020

Make a "HTTPS-Domain"-Subscription out of this - you dont choose a shop here - but you have DuckDNS and FreeDNS here as free options. Let the user enter the needed credentials and then trigger the ACME script accordently and exchange the cert nginx.

@frennkie
Copy link
Contributor Author

"Bad" news: acmesh-official/acme.sh#2305 (comment)

I ask because the dns_freedns plugin will not work with a "public" domain shared by FreeDNS... it will only work with a domain that you own.

This - kind of - defeats the idea to require almost "nothing" from our users. I will focus on Duckdns.

@frennkie
Copy link
Contributor Author

frennkie commented Aug 6, 2020
edited
Loading

@rootzoll please be aware that the DuckDNS API does not work (with acme.sh) when more than one name is to be included in the certificate.

E.g. raspiblitz.duckdns.org will work, but myraspiblitz.duckdns.org + raspiblitz.duckdns.org will not.

The cause for this is that acme.sh tries to validate using different TXT records, but DuckDNS doesn't support multiple different TXT records to be set.

For our current setup this doesn't hurt and is just something to keep in mind (and maybe point out to users). But my idea was to always set the primary subdomain and a wildcard: raspiblitz.duckdns.org + *.raspiblitz.duckdns.org. Unfortunately this won't work like that.

Also bare in mind that the certificate for *.raspiblitz.duckdns.org will not be considered valid if you point your browser to raspiblitz.duckdns.org.

@frennkie frennkie added this to the 1.6.1 Release milestone Aug 8, 2020
@frennkie
Copy link
Contributor Author

frennkie commented Aug 8, 2020

https://github.com/acmesh-official/acme.sh/wiki/dnsapi

rootzoll added a commit that referenced this issue Sep 16, 2020
@rootzoll
#1315 added dynu.com as alternative to duckdns.org (#1556)
44b9efa
rootzoll added a commit that referenced this issue Sep 16, 2020
@rootzoll
#1315 added dynu.com as alternative to duckdns.org (#1556)
da5e604
@rootzoll
Copy link
Collaborator

@frennkie ok I added dynu.com to for the v1.6.1 release - works fine on my tests with ACME and LetsEncrypt. Marking for final testing.

@rootzoll rootzoll changed the title Integrate DynDNS/NoIP Services that also support ACME Integrate dynu.com that also support ACME Sep 16, 2020
@rootzoll rootzoll added the final testing was fixed - needs testing label Sep 16, 2020
@rootzoll
Copy link
Collaborator

rootzoll commented Oct 8, 2020

Tested it a few more times and works well. Will be part of v1.6.1 release. Cosing issue.

@rootzoll rootzoll closed this as completed Oct 8, 2020
@rootzoll rootzoll removed the final testing was fixed - needs testing label Oct 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.6.1 Release
Development

No branches or pull requests
2 participants
@rootzoll @frennkie