- acme-dns-server VS acme-dns
- acme-dns-server VS dehydrated
- acme-dns-server VS acme-dns-certbot-joohoi
- acme-dns-server VS acme-tiny
- acme-dns-server VS lego
- acme-dns-server VS mkcert
- acme-dns-server VS public-roadmap
- acme-dns-server VS acme-tiny
- acme-dns-server VS acme.sh
- acme-dns-server VS dehydrated-bigip-ansible
Acme-dns-server Alternatives
Similar projects and alternatives to acme-dns-server
-
mkcert
A simple zero-config tool to make locally trusted development certificates with any names you'd like.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
acme-dns
Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
-
letsencrypt
Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
dehydrated-bigip-ansible
Ansible based hooks for dehydrated to enable ACME certificate automation for F5 BIG-IP systems
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
acme-dns-server reviews and mentions
-
Ask HN: What's your solution for SSL on internal servers?
DNS alias mode:
* https://dan.langille.org/2019/02/01/acme-domain-alias-mode/
* https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mo...
* https://www.eff.org/deeplinks/2018/02/technical-deep-dive-se...
You want the name "internal.example.com". In your external DNS you create a CNAME from "_acme-challenge.internal.example.com" and point it to (e.g.) "internal.example.net" or "internal.dns-auth.example.com"
When you request the certificate you specify the "dns-01" method. The issuer (e.g., LE) will go to the the external DNS server for the look up, see that it is a CNAME and then follow the CNAME/alias, and do the verification at the final hostname.
So your ACME client has to do a DNS (TXT) record update, which can often be done via various APIs, e.g.:
* https://github.com/AnalogJ/lexicon
You can even run your own DNS server locally (in a DMZ?) if your DNS provider does not have an convenient API. There are servers written for this use case:
* https://github.com/joohoi/acme-dns
* https://github.com/joohoi/acme-dns-certbot-joohoi
* https://github.com/pawitp/acme-dns-server
-
Another free CA as an alternative to Let's Encrypt
I already had Bind on the machine so it was logical to add the zone there and utilize nsupdate : https://gist.github.com/kronthto/893715f12cc0b1cda9fcfdbd8dc...
But what you are suggesting should work just fine aswell - there should be no need for a persistent service. Of course the service would need to run on port 53, so you actually cannot have another nameserver on that machine already, and also require CAP_NET_BIND_SERVICE .
A quick search lead me to this python project that could be an inspiration: https://github.com/pawitp/acme-dns-server
Stats
pawitp/acme-dns-server is an open source project licensed under MIT License which is an OSI approved license.
The primary programming language of acme-dns-server is Python.
Popular Comparisons
Sponsored