duckdns
lexicon
duckdns
-
PSA: unless you are using wildcard certificates, all your subdomains get published in a list of issued Let's Encrypt certificates. You can see if your subdomains are published here: https://crt.sh/
(1) https://github.com/caddy-dns/duckdns
-
What are y’all using to set up a domain on your LAN so that your services are like `whatever.local/gitea` instead of `192.168.0.50:8080`? Pretty sure I need a reverse proxy but I’ve never set one up that wasn’t publicly available, so I’m not sure if a different set of rules apply.
My domain provider is not supported by Caddy, so I use duckdns.org for dynamic dns and dns challenge - it can be routed to my domain (see https://github.com/caddy-dns/duckdns). It might be possible to use duckdns.org directly instead of buying a domain, but the url will be xxx.duckdns.org or similar. (e.g. gitea-xyz.duckdns.org routed to 192.168.0.50)
-
Router ports open but reverse proxy not working (Docker, Caddy, DuckDNS)
Why are you using the email global directive for DuckDNS? Why not just use the DuckDNS addon (GitHub) module?
-
Let's Encrypt ACME DNS alias mode
Also known as "DNS challenge delegation".
I have this implemented (with help) for the libdns plugin for DuckDNS, which can be used with Caddy.
So basically, you can use a free https://www.duckdns.org/ domain to solve DNS challenges, for your domain which may be managed by any other DNS provider.
https://github.com/caddy-dns/duckdns#challenge-delegation
I do this with my domain I have registered with Google Domains, because they have no API at all right now.
-
Syncing iOS Contact/Calendar to Nextcloud 22.0 - Localhost - NO SSL?
- Using caddy reverse proxy + https://github.com/caddy-dns/duckdns
-
Caddy + Namecheap + DuckDNS configuration
But if you need wildcard certs, then using duckdns makes a whole lot of sense because namecheap's DNS API is some hot garbage (requires fetching the entire set of DNS records for the zone, making your change, then pushing back up the entire set, as XML). The alternative is to use DNS challenge delegation, which is quite easy to do with the duckdns plugin for Caddy https://github.com/caddy-dns/duckdns#challenge-delegation
lexicon
-
Dehydrated: Letsencrypt/acme client implemented as a shell-script
One of the biggest benefits of dehydrated is that it doesn't try to integrate with a DNS provider on its own. It just calls a hook, which can be implemented with a simple shell script[1]. The most popular third-party integration is lexicon[2], though you're not required to use Lexicon. (e.g. you're free to use awscli, gcloud, linode-cli, etc. to do the actual DNS record manipulation)
This means its dependency footprint is much smaller, and allows you to do things that can be a nightmare to configure with Certbot or other alternatives. For example, one of the scenarios I had to set up was that we had to query a credential via HashiCorp Vault, which is then used to cURL into an API endpoint. The shell script in total was pretty short (< 100 LOC) and it worked extremely well.
[1]: https://github.com/dehydrated-io/dehydrated/blob/master/docs...
[2]: https://github.com/AnalogJ/lexicon
-
Why Certificate Lifecycle Automation Matters
A reminder that if you have an internal-only server where the typical http-01 verification connection method will not work, especially if you cannot easily/dynamically update DNS records, one can use dns-01 by using DNS aliasing/CNAME:
* https://dan.langille.org/2019/02/01/acme-domain-alias-mode/
* https://www.eff.org/deeplinks/2018/02/technical-deep-dive-se...
So if you want a cert for www.internal.example.com, you will first have to do a one-time change to have a _acme-challenge.www.internal… CNAME created to point to any other (sub-)domain where you can easily update things dynamically, e.g., www-internal.example-dnsapi.com.
When you request the cert for "www.internal…", LE/ACME will look up the corresponding _acme-challenge record, and go to "_acme-challenge.www-internal.example-dnsapi.com". The nonce token will be there in the 'final' destination following the CNAME in a TXT, which shows LE/ACME that you control the DNS chain.
To do the DNS updating, you can use a CLI/Python library like Lexicon, which supports dozens of APIs:
* https://github.com/AnalogJ/lexicon
-
Easy HTTPS for your private networks
This leverages the ACME DNS server which has a REST API:
* https://github.com/joohoi/acme-dns
If your DNS provider has an API, you can hook into that for internal-only web servers; this handy code supports several dozen APIs so you don't have to re-invent the wheel:
* https://github.com/AnalogJ/lexicon
* https://pypi.org/project/dns-lexicon/
* https://dns-lexicon.readthedocs.io/en/latest/user_guide.html
- Why does Google Safe Browsing think that all pages on my DynDNS domain are phishing pages?
-
Uacme: ACMEv2 client written in plain C with minimal dependencies
> It even comes preconfigured for various DNS providers[2]
Also, CLI utility that supports a bunch of APIs:
* https://github.com/AnalogJ/lexicon
-
what are better alternatives of noip?
Then, you can use ddclient, which supports many DNS services (including those providing DynDNS protocol), or you can write a Python script using the dns-lexicon module to manipulate the DNS records over the API.
- NextDNS Launches API
- Lexicon: Manipulate DNS records on various DNS providers in a standardized way.
- Lexicon: Manipulate DNS records on various DNS providers in a standardized way
- Some of the popular DNS management services as a self hosted service
What are some alternatives?
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
letsencrypt - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
acme.sh - A pure Unix shell script implementing ACME client protocol
octoDNS - Tools for managing DNS across multiple providers
lexicon - A fun react dictionary app to learn some new words!
CoreDNS - CoreDNS is a DNS server that chains plugins
extdns - External DNS for docker-compose
lego - Let's Encrypt/ACME client and library written in Go
docker-dehydrated-lexicon - Just a container to help on requesting letsencrypt certificates with dns-01 validation
Pulumi - Infrastructure as Code in any programming language. Build infrastructure intuitively on any cloud using familiar languages 🚀