acme dns-01 using dns-nsupdate

ivarh

Hi, I am self hosting my domains on a bind9 based nameserver where I have set up dynamic updates using RFC2136. From reading the dock of the new dns-01 support in mailcow’s acme container I am trying to set up dns-01 using the dns-nsupdate plugin. I am not able to make this work. have anyone been able to get this to work? my nameserver config is set up to work for dynamic updates and i have a traefik reverse proxy working using RFC2136 updates. I am using the same tsig key for mailcow’s acme container

ivarh

I have figured out how to do this and here is the configuration changes I made to make it work:

To mailcow.conf add this:
CME_DNS_CHALLENGE=y
ACME_DNS_PROVIDER=dns_nsupdate
ACME_ACCOUNT_EMAIL=your@email.address

place the key used to authenticate your nsupdate’s with your nameserver in the file data/conf/acme calling it tsig.key:

root@mailcow:/opt/mailcow-dockerized/data/conf/acme# cat tsig.key
key “mailcow” {
algorithm hmac-sha256;
secret “SECRET”;
};

edit the file data/conf/dns-01.conf to look like this:

root@mailcow:/opt/mailcow-dockerized/data/conf/acme# cat dns-01.conf
NSUPDATE_SERVER=“nameserver_ip”
NSUPDATE_KEY=“/etc/acme/tsig.key”

I hope this can help others that are self hosting their dns servers along with their emails.

/var