certhub-hook-nsupdate-auth¶
Synopsis¶
/usr/local/lib/certhub/certbot-hooks/hook-nsupdate-auth
/usr/local/lib/certhub/certbot-hooks/hook-nsupdate-cleanup
/usr/local/lib/certhub/dehydrated-hooks/hook-nsupdate-auth
Description¶
A hook script for certbot and dehydrated respectively capable of deploying DNS-01 challenge tokens via nsupdate.
Environment¶
- CERTHUB_NSUPDATE_ARGS¶
Arguments passed to nsupdate called from auth/cleanup hooks. Specify the path to the DDNS key used to update a DNS zone. Example:
CERTHUB_NSUPDATE_ARGS=-k /etc/certhub/example.com.nsupdate.key
- CERTHUB_NSUPDATE_SERVER¶
Contact the specified server. By default nsupdate queries SOA records in order to determine the authoritative server. Example:
CERTHUB_NSUPDATE_SERVER=some-ns.example.com
- CERTHUB_NSUPDATE_TTL¶
TTL for created DNS records. Defaults to 600.
- CERTHUB_NSUPDATE_DOMAIN¶
Domain name to use for the challenge. Uses
_acme-challenge.${domain-to-be-validated}
by default. Customizing this setting makes sense, e.g. when usingCNAME
records to redirect _acme-challenge names from the real domain to a separate zone purpose built for challange validation.
- CERTHUB_NSUPDATE_CNAME_MAXDEPTH¶
Follow
CNAME
records at maximum this many times after the domain to use for the challenge is determined. Customizing this setting makes sense, e.g. when usingCNAME
records to redirect _acme-challenge names from the real domain to a separate zone purpose built for challange validation. Defaults to 0.
See Also¶
nsupdate(1),