From 5bfe45cee11ea0547ad4304eccb56eca9e778875 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?=
Date: Tue, 2 Aug 2022 20:19:30 +0200
Subject: popravil desc, osnutki za dns, mail in rfc2136
---
_posts/rfc2136.md | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 _posts/rfc2136.md
(limited to '_posts/rfc2136.md')
diff --git a/_posts/rfc2136.md b/_posts/rfc2136.md
new file mode 100644
index 0000000..d8d5190
--- /dev/null
+++ b/_posts/rfc2136.md
@@ -0,0 +1,29 @@
+# dyndns setup http://www.btteknik.net/?p=143
+ddns-confgen -s rfc2136.sijanec.eu.
+# http://www.ipamworldwide.com/ipam/update-policy.html
+vim /etc/bind/named.conf.local # here goes the update policy, change name to subdomain
+touch /etc/bind/keyfile.conf
+chmod 0660 /etc/bind/keyfile.conf
+vim /etc/bind/keyfile.conf # here goes the key
+# hook script https://blog.danman.eu/automatic-letsencrypt-wildcard-cert-renewal-with-nsupdate/
+vim /etc/letsencrypt/hook.sh
+ #!/bin/bash
+ CREATE_DOMAIN="certbot.rfc2136.sijanec.eu."
+ echo "
+ server 127.0.0.1
+ update delete $CREATE_DOMAIN TXT
+ update add $CREATE_DOMAIN 1 TXT $CERTBOT_VALIDATION
+ send
+ " | nsupdate -k /etc/bind/keyfile.conf
+ if [ $CERTBOT_REMAINING_CHALLENGES -eq 0 ]
+ then
+ echo done, reloading server and waiting 30 seconds
+ rndc reload
+ sleep 30
+ fi
+chmod +x /etc/letsencrypt/hook.sh
+# v domenske zapise vseh domen je treba dodati:
+# _acme-challenge IN CNAME certbot.rfc2136.sijanec.eu.
+certbot certonly --reuse-key --manual --register-unsafely-without-email --preferred-challenges dns --manual-auth-hook /etc/letsencrypt/hook.sh -d sijanec.eu -d sijanec.org -d sijanec.net -d xn--ijanec-9jb.eu -d xn--ijanec-9jb.org -d xn--ijanec-9jb.net -d xn--ijanec-9jb.si -d xn--ijanec-9jb.com -d *.sijanec.eu -d *.sijanec.org -d *.sijanec.net -d *.xn--ijanec-9jb.eu -d *.xn--ijanec-9jb.org -d *.xn--ijanec-9jb.net -d *.xn--ijanec-9jb.si -d *.xn--ijanec-9jb.com -d gimb.tk -d *.gimb.tk -d xn--jha.ga -d *.xn--jha.ga
+# more interesting info:
+# https://certbot-dns-rfc2136.readthedocs.io/en/stable/ (per-domain setup required, no CNAMEs)
-- cgit v1.2.3
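Review bot: The hook's `update delete $CREATE_DOMAIN TXT` runs on every invocation, and because every `_acme-challenge` name is a CNAME to the single `certbot.rfc2136.sijanec.eu.` record while validation only starts after the last hook call (which is what the `CERTBOT_REMAINING_CHALLENGES` wait implies), each call appears to wipe the tokens published by the earlier ones, so only the last challenge would stay answerable. I would drop that line from the auth hook and remove records in a separate `--manual-cleanup-hook` using `update delete $CREATE_DOMAIN TXT "$CERTBOT_VALIDATION"`, so that only the matching value is removed. Separately, the `-d *.sijanec.eu` style arguments are unquoted and the shell can glob-expand them against the working directory; write them as `-d '*.sijanec.eu'`. The TSIG key file is given `chmod 0660` with no owner or group set; `0640`, owned by root with the group named runs as, would keep the update key from being group-writable.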