DNS provider support

ejin · May 13, 2019, 4:48am

supplement:
The windows platform did not find tools or scripts that can be registered and renewed through the dns challenge. Caddy may be the only one.

2019-05-13 UTC+0000 06:09 update
A DNS record needs to be created automatically during this process.

Whitestrake · May 13, 2019, 5:17am

@ejin, I believe https://certifytheweb.com/ does DNS challenges.

I personally much prefer to have Caddy reverse proxy to my IIS instance, but if you can’t have Caddy, I’ve used Certify SSL Manager in the past and it does the job at least.

ejin · May 13, 2019, 6:19am

@Whitestrake, Thanks, I have tried this tool, it can’t log in to my domain name service provider to automatically create DNS records.
It is not a pleasant thing to maintain one or more SSL certificates every quarter. (There is no such problem in Linux series systems)
So I am currently using a free one-year SSL single domain certificate.

Of course, if I pay, these are not a problem. Can’t blame free software.

Whitestrake · May 13, 2019, 6:20am

Yeah. The list of DNS providers is much shorter than Caddy’s list.

ejin · May 13, 2019, 6:29am

@Whitestrake After using it for a while, I have considered that these automated tools can open an interface to call a third-party exe file or script (the exe file is Windows platform, other platforms use a similar method), so users can use any The language to write this part of the function. You don’t need the author to take care of every DNS service provider, and you don’t need everyone to learn golang to create your own “automatic DNS record creation tool.”

Whitestrake · May 13, 2019, 6:34am

That’s possible.

That said, it’s not a one-step process. The ACME client needs to have the DNS provider perform multiple steps, with some waiting in between. So there needs to be some standard way for Caddy to interact with that third party exe or script. A standard set of features that they must provide. Also, a specific way in which they need to respond to Caddy to let it know they’ve done their job and Caddy can have LetsEncrypt continue the verification process.

Basically, they need to be pretty standardized. Having them as Golang plugins lets us guarantee that - it’s basically the best way to go about it. I’m sure it’s possible, but it’d be very “gung-ho” to just throw a script at it.

ejin · May 13, 2019, 6:40am

@Whitestrake Yes, this topic stops, I may have taken up too much layout. Thank you!

danb35 · May 18, 2019, 1:27am

I’m pretty sure acme.sh can be made to run on Windows, and it has very broad DNS provider support (even broader than Caddy, I believe).

ejin · May 30, 2019, 1:37pm

I guess it’s a shell script, is it running in WSL?(WSL=Windows Subsystem for Linux)
If the answer is yes.
Some of my machines run Windows 7, Windows 2008 R2, Windows 2012 R2, Windows 2016, Windows 10 operating systems. WSL is not universal.
So I hope that you are not talking about WSL, but recently crazy exploration, I found that acme.sh can run on Git bash.
If acme.sh has a better way to run on a Windows system, I would like to know more, can you disclose more information? Thank you!

danb35 · May 30, 2019, 3:20pm

From the issue below, it looks like wither WSL or cygwin would be solutions that would let acme.sh run under Windows.
https://github.com/Neilpang/acme.sh/issues/1031

ejin · May 30, 2019, 4:30pm

thank you very much

system · August 28, 2019, 4:30pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.