Certbot and DNS with BIND and Windows: Difference between revisions

(One intermediate revision by the same user not shown)

Line 2:

===Script to Run (work in progress)===

The below script, when run with ./NC.sh (assuming that's the name of the script), will use DNS to retrieve certificates (and also update other 'Slave Servers'). That infrastructure of course has to be set up before hand, and includes the following items (generally speaking);

The below script, when run with <code>./NC.sh</code> (assuming that's the name of the script), will use DNS to retrieve certificates (and also update other 'Slave Servers').

That infrastructure of course has to be set up before hand, and includes the following items (generally speaking);

*Configure the following;

**Delegate the _acme_challenge 'sub zone' in Windows (assumes Windows DNS is used as the backend "Master / Primary" DNS Server

**"Slave / Secondary" in BIND (assuming BIND / NAMED is being used as a frontend server<syntaxhighlight lang="text">

**"Slave / Secondary" configuration in BIND (assuming BIND / NAMED is being used as a frontend server;<syntaxhighlight lang="text">

zone "_acme-challenge.WhatEverDomainName.WhatEverSuffix" {

Line 14:

Line 16:

allow-update { W.X.Y.Z/24; };

~~notify yes;~~

~~also-notify { A.B.C.D; };~~

file "/var/named/masters/_acme-challenge.WhatEverDomainName.WhatEverSuffix.hosts";

};

</syntaxhighlight>

./NC.sh Script;<syntaxhighlight lang="text">

#!/bin/sh

Line 135:

<br />

=== Troubleshooting Commands ===

===Troubleshooting Commands===

* Regarding the NAMED / BIND .jnl Files;

*Regarding the NAMED / BIND .jnl Files;

** rndc zonestatus _acme-challenge.WhatEverDomainName

**rndc zonestatus _acme-challenge.WhatEverDomainName

*** ...if issues, then;

***...if issues, then;

*** rndc freeze _acme-challenge.WhatEverDomainName

***rndc freeze _acme-challenge.WhatEverDomainName

*** rndc sync -clean _acme-challenge.WhatEverDomainName

***rndc sync -clean _acme-challenge.WhatEverDomainName

*** rndc thaw _acme-challenge.WhatEverDomainName

***rndc thaw _acme-challenge.WhatEverDomainName

*dig +trace _acme-challenge.grassvalleyflorist.com TXT

<br />

@@ Line 2: / Line 2: @@
 ===Script to Run (work in progress)===
-The below script, when run with ./NC.sh (assuming that's the name of the script), will use DNS to retrieve certificates (and also update other 'Slave Servers').  That infrastructure of course has to be set up before hand, and includes the following items (generally speaking);
+The below script, when run with <code>./NC.sh</code> (assuming that's the name of the script), will use DNS to retrieve certificates (and also update other 'Slave Servers').
+That infrastructure of course has to be set up before hand, and includes the following items (generally speaking);
 *Configure the following;
 **Delegate the _acme_challenge 'sub zone' in Windows (assumes Windows DNS is used as the backend "Master / Primary" DNS Server
-**"Slave / Secondary" in BIND (assuming BIND / NAMED is being used as a frontend server<syntaxhighlight lang="text">
+**"Slave / Secondary" configuration in BIND (assuming BIND / NAMED is being used as a frontend server;<syntaxhighlight lang="text">
 zone "_acme-challenge.WhatEverDomainName.WhatEverSuffix" {
@@ Line 14: / Line 16: @@
 	allow-update { W.X.Y.Z/24; };
-	notify yes;
-	also-notify { A.B.C.D; };
 	file "/var/named/masters/_acme-challenge.WhatEverDomainName.WhatEverSuffix.hosts";
 	};
 </syntaxhighlight>
-<syntaxhighlight lang="text">
+./NC.sh Script;<syntaxhighlight lang="text">
 #!/bin/sh
@@ Line 135: / Line 135: @@
 <br />
-=== Troubleshooting Commands ===
+===Troubleshooting Commands===
-* Regarding the NAMED / BIND .jnl Files;
+*Regarding the NAMED / BIND .jnl Files;
-** rndc zonestatus _acme-challenge.WhatEverDomainName
+**rndc zonestatus _acme-challenge.WhatEverDomainName
-*** ...if issues, then;
+***...if issues, then;
-*** rndc freeze _acme-challenge.WhatEverDomainName
+***rndc freeze _acme-challenge.WhatEverDomainName
-*** rndc sync -clean _acme-challenge.WhatEverDomainName
+***rndc sync -clean _acme-challenge.WhatEverDomainName
-*** rndc thaw _acme-challenge.WhatEverDomainName
+***rndc thaw _acme-challenge.WhatEverDomainName
+*dig +trace _acme-challenge.grassvalleyflorist.com TXT
 <br />