Differences

This shows you the differences between two versions of the page.

--- infrastructure:services:acme_dns [2026-01-25 22:02 UTC] – [Configuration] stb
+++ infrastructure:services:acme_dns [2026-01-25 23:44 UTC] (current) – fix urls june
@@ Line 1: / Line 1: @@
 ====== ACME DNS ======
 ---- dataentry service ----
-service-urls_urls          : http://https://acmedns.hamburg.ccc.de
+service-urls_urls          : https://acmedns.hamburg.ccc.de
 other-service-fqdns        :
 host-fqdn                  : acmedns.hosts.hamburg.ccc.de
-netbox-link_url            : http://https://netbox.hamburg.ccc.de/virtualization/virtual-machines/85/
+netbox-link_url            : https://netbox.hamburg.ccc.de/virtualization/virtual-machines/85/
-server_page                : infrastructure:servers:servername
+server_page                : infrastructure:servers:chaosknoten
 maintainers                : stb
 ccchh-id-integration_yesno : false
 ----
@@ Line 18: / Line 19: @@
 ===== Configuration =====
-See the Ansible repo. We are using [[https://github.com/oauth2-proxy/oauth2-proxy|oauth2-proxy|| to limit access to the register API endpoint to users that can log in through our Keycloak.
+See the Ansible repo. We are using [[https://github.com/oauth2-proxy/oauth2-proxy|oauth2-proxy]] to limit access to the register API endpoint to users that can log in through our Keycloak.
 ===== Using ACME-DNS =====
@@ Line 28: / Line 29: @@
 Go to https://acmedns.hamburg.ccc.de, log in if necessary, and click Register. A table will be shown with four parameters that you will need. This information is only shown once, so make sure to save or copy it straight away.
-* Full Domain: is the target of the CNAME entry you need to create
+  * Full Domain: is the target of the CNAME entry you need to create
-* Subdomain, X-Api-User and X-Api-Key: configuration for the ACME client.
+  * Subdomain, X-Api-User and X-Api-Key: configuration for the ACME client.
+**Note: there is no way to delete registrations.** Each registration is small, so it's not an immediate problem, but please do not click register unless you are planning to really create a new entry.
+{{:infrastructure:services:acmedns-register.png?600|}}
+==== Create a DNS Entry for the Challenge ====
+Create a (ACME magic) CNAME record to your existing zone, pointing to the subdomain you got from the registration.
+''_acme-challenge.domainiwantcertfor.tld. CNAME 3ed25037-79f1-4a89-8934-db3e162fe2bc.auth.acmedns.hamburg.ccc.de.''
+You can request a cerificate for a wildcard DNS entry by simply creating the wildcard entry for the FQDN, and making sure the '_acme-challenge' entry aligns with it. For example, with the above entry you can add the wild card like so:
+''*.domainiwantcertfor.tld. A 192.168.0.2''
+==== Configure ACME client ====
+  * [[https://github.com/joohoi/acme-dns-certbot-joohoi|acm-dns-certbot]] code and configuration
+  * [[https://github.com/acmesh-official/acme.sh/wiki/dnsapi#45-use-acme-dns-api|acme.sh configuration for acme-dns]]
+  * [[https://go-acme.github.io/lego/dns/acme-dns/index.html|LEGO configuration]]