RFC2136
Create verification records using dynamic updates
| Plugin type | DNS validation | |
|---|---|---|
| Download | Version v2.3.3. Look for older releases on GitHub for files named like plugin.validation.dns.rfc2136.v2.x.x.zip | |
| Chocolatey | choco install simple-acme-validation-dns-rfc2136(details) |
|
| Compatibility | All platforms |
Description
Create the record using dynamic DNS updates as defined in RFC 2136. This requires a DNS server IP (and optional port), a TSIG key consisting of a name and a base64 encoded secret, and an algorithm, which may be any of the following:
- md5
- sha1
- sha224
- sha256
- sha256_128
- sha384
- sha384_192
- sha512
- sha512_256
Plugins needs to be unpacked into a folder called %programdata%\simple-acme\plugins. Depending on how you downloaded the file, you may have to unblock the .dll files before your computer will trust them. You can do that from the File Explorer by using the right mouse button and then checking the `Unblock` box on the General tab.
To verify that the plugin is properly installed you can start the main executable
with ‑‑verbose and it will print information about found and loaded plugins at
start up. When the plugin is loaded, it manifests itself as extra menu choices and
command line parameters being made availalbe.
All releases published to third party package managers like Chocolatey and NuGet support plugins, but if you download simple-acme manually, you must choose a pluggable version instead of the trimmed one to use it.
Command line
--validation rfc2136 |
Activates the plugin | |
|---|---|---|
‑‑serverhost |
DNS server host/ip | |
‑‑serverport |
DNS server port | |
‑‑tsigkeyname |
TSIG key name | |
‑‑tsigkeysecret |
TSIG key secret (Base64 encoded)
You may pass the secret in plain text, but can also use a reference to the secret vault like |
|
‑‑tsigkeyalgorithm |
TSIG key algorithm |
Examples
| Typical | --validation rfc2136 ‑‑serverhost 10.10.10.10 [‑‑serverport 53] ‑‑tsigkeyname mykey ‑‑tsigkeysecret ***** [‑‑tsigkeyalgorithm md5] |
|---|
JSON
| ID | ed5dc9d1-739c-4f6a-854f-238bf65b63ee |
|---|
Looking for win-acme?
simple-acme is a backwards compatible, drop-in replacement built by the same person. Project history.