certhub-hook-nsupdate-auth

Synopsis

/usr/local/lib/certhub/certbot-hooks/hook-nsupdate-auth

/usr/local/lib/certhub/certbot-hooks/hook-nsupdate-cleanup

/usr/local/lib/certhub/dehydrated-hooks/hook-nsupdate-auth

Description

A hook script for certbot and dehydrated respectively capable of deploying DNS-01 challenge tokens via nsupdate.

Environment

CERTHUB_NSUPDATE_ARGS

Arguments passed to nsupdate called from auth/cleanup hooks. Specify the path to the DDNS key used to update a DNS zone. Example: CERTHUB_NSUPDATE_ARGS=-k /etc/certhub/example.com.nsupdate.key

CERTHUB_NSUPDATE_SERVER

Contact the specified server. By default nsupdate queries SOA records in order to determine the authoritative server. Example: CERTHUB_NSUPDATE_SERVER=some-ns.example.com

CERTHUB_NSUPDATE_TTL

TTL for created DNS records. Defaults to 600.

CERTHUB_NSUPDATE_DOMAIN

Domain name to use for the challenge. Uses _acme-challenge.${domain-to-be-validated} by default. Customizing this setting makes sense, e.g. when using CNAME records to redirect _acme-challenge names from the real domain to a separate zone purpose built for challange validation.

CERTHUB_NSUPDATE_CNAME_MAXDEPTH

Follow CNAME records at maximum this many times after the domain to use for the challenge is determined. Customizing this setting makes sense, e.g. when using CNAME records to redirect _acme-challenge names from the real domain to a separate zone purpose built for challange validation. Defaults to 0.

See Also

nsupdate(1),