New subdomain with Certbot

By triaxx, . Permalink Administration

How to add a new subdomain with BIND, Certbot and RFC2136?

Configuration of BIND

RFC 2136 is for Dynamic Updates in the Domain Name System. When RFC 2136 DNS Authenticator is used with Cerbot, a DNS Challenge is performed. BIND needs grants to accept this challenge. For example, the subdomain new implies to add a additional line is this part of configuration file:

zone "triaxx.org" {
  update-policy {
    grant "triaxx.org." name "_acme-challenge.triaxx.org." "txt";
    grant "triaxx.org." name "_acme-challenge.foo.triaxx.org." "txt";
    grant "triaxx.org." name "_acme-challenge.bar.triaxx.org." "txt";
    grant "triaxx.org." name "_acme-challenge.new.triaxx.org." "txt";
  };
};

Cerbot script

The subdomain new

certbot=/usr/pkg/bin/certbot
cred=/usr/pkg/etc/letsencrypt/triaxx.ini
email=certbot@triaxx.org
subdomains="foo bar new"

domain_arg="--domain triaxx.org"
for subdomain in ${subdomains} ; do
  domain_arg="${domain_arg} --domain ${subdomain}.triaxx.org"
done
${certbot} certonly \
  --non-interactive \
  --agree-tos \
  --email ${email} \
  --dns-rfc2136 \
  --dns-rfc2136-credentials ${cred} \
  ${domain_arg} \
  --expand
done

Add a comment

HTML code is displayed as text and web addresses are automatically converted.

Add ping

Trackback URL : https://blog.triaxx.org/trackback/20

Page top