Certbot and DNS with BIND and Windows: Difference between revisions
| Line 2: | Line 2: | ||
===Script to Run (work in progress)=== | ===Script to Run (work in progress)=== | ||
The below script, when run with ./NC.sh (assuming that's the name of the script), will use DNS to retrieve certificates (and also update other 'Slave Servers'). | The below script, when run with <code>./NC.sh</code> (assuming that's the name of the script), will use DNS to retrieve certificates (and also update other 'Slave Servers'). | ||
That infrastructure of course has to be set up before hand, and includes the following items (generally speaking); | |||
*Configure the following; | *Configure the following; | ||
**Delegate the _acme_challenge 'sub zone' in Windows (assumes Windows DNS is used as the backend "Master / Primary" DNS Server | **Delegate the _acme_challenge 'sub zone' in Windows (assumes Windows DNS is used as the backend "Master / Primary" DNS Server | ||
**"Slave / Secondary" in BIND (assuming BIND / NAMED is being used as a frontend server<syntaxhighlight lang="text"> | **"Slave / Secondary" configuration in BIND (assuming BIND / NAMED is being used as a frontend server;<syntaxhighlight lang="text"> | ||
zone "_acme-challenge.WhatEverDomainName.WhatEverSuffix" { | zone "_acme-challenge.WhatEverDomainName.WhatEverSuffix" { | ||
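Review bot: the delegated label is inconsistent in this hunk: the bullet says "Delegate the _acme_challenge 'sub zone'" (underscore) while the zone statement below declares `_acme-challenge.WhatEverDomainName.WhatEverSuffix` (hyphen). ACME DNS-01 validation queries `_acme-challenge.<name>`, so the Windows delegation must use the hyphenated name or the CA will never see the TXT record. The same bullet also opens a parenthesis that is never closed ('(assumes Windows DNS is used as the backend "Master / Primary" DNS Server'), and the second bullet's parenthesis in the new revision is closed with a semicolon rather than ')'. Suggest "Delegate the _acme-challenge 'sub zone' in Windows (assumes Windows DNS is the backend Master / Primary server)" and "(assuming BIND / NAMED is the frontend server):".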
| Line 14: | Line 16: | ||
allow-update { W.X.Y.Z/24; }; | allow-update { W.X.Y.Z/24; }; | ||
file "/var/named/masters/_acme-challenge.WhatEverDomainName.WhatEverSuffix.hosts"; | file "/var/named/masters/_acme-challenge.WhatEverDomainName.WhatEverSuffix.hosts"; | ||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<syntaxhighlight lang="text"> | |||
./NC.sh Script;<syntaxhighlight lang="text"> | |||
#!/bin/sh | #!/bin/sh | ||
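Review bot: `allow-update { W.X.Y.Z/24; };` lets every host in a /24 rewrite the `_acme-challenge` zone, which is far wider than the one machine running `./NC.sh` needs; anyone on that subnet could plant TXT records and obtain certificates for the domain. Narrow it to that host's address, or better replace the address ACL with a TSIG key (`allow-update { key "acme-update"; };`) so a spoofed source address is not enough. Also, `allow-update` and a file under `/var/named/masters/` only make sense for a zone of type master/primary, so the "Slave / Secondary" wording in the heading of this snippet is misleading: BIND is primary for the delegated subzone here, and a secondary would refuse the dynamic updates the script sends. Finally, the bare `<syntaxhighlight lang="text">` line and the `./NC.sh Script;<syntaxhighlight lang="text">` line that follows it should not both survive into the new revision, since only one tag should open the script block.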
| Line 135: | Line 135: | ||
<br /> | <br /> | ||
=== Troubleshooting Commands === | ===Troubleshooting Commands=== | ||
* Regarding the NAMED / BIND .jnl Files; | *Regarding the NAMED / BIND .jnl Files; | ||
** rndc zonestatus _acme-challenge.WhatEverDomainName | **rndc zonestatus _acme-challenge.WhatEverDomainName | ||
*** ...if issues, then; | ***...if issues, then; | ||
*** rndc freeze _acme-challenge.WhatEverDomainName | ***rndc freeze _acme-challenge.WhatEverDomainName | ||
*** rndc sync -clean _acme-challenge.WhatEverDomainName | ***rndc sync -clean _acme-challenge.WhatEverDomainName | ||
*** rndc thaw _acme-challenge.WhatEverDomainName | ***rndc thaw _acme-challenge.WhatEverDomainName | ||
<br /> | <br /> | ||
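Review bot: the rndc commands name the zone as `_acme-challenge.WhatEverDomainName` but the zone statement above declares `_acme-challenge.WhatEverDomainName.WhatEverSuffix`; rndc needs the exact zone name, so `rndc zonestatus`, `rndc freeze` and the rest should carry the suffix or named will report the zone as not found. It is also worth saying under "...if issues, then;" that a frozen zone refuses dynamic updates, so the freeze / sync -clean / thaw sequence must not overlap a `./NC.sh` run, and that `rndc sync -clean` is the step that writes the .jnl contents into the zone file and removes the journal, which is the actual fix for the .jnl problems this section is about.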