diff options
Diffstat (limited to '')
-rw-r--r-- | dehydrated/share/man/dehydrated-hook.1.rst | 3 | ||||
-rw-r--r-- | dehydrated/share/man/dehydrated-nsupdate.1.rst | 116 |
2 files changed, 118 insertions, 1 deletions
diff --git a/dehydrated/share/man/dehydrated-hook.1.rst b/dehydrated/share/man/dehydrated-hook.1.rst index 6aef673..2a8951c 100644 --- a/dehydrated/share/man/dehydrated-hook.1.rst +++ b/dehydrated/share/man/dehydrated-hook.1.rst @@ -84,7 +84,8 @@ The following files are used: See also ======== -| dehydrated(1) +| dehydrated(1), +| dehydrated-nsupdate(1). Homepage ======== diff --git a/dehydrated/share/man/dehydrated-nsupdate.1.rst b/dehydrated/share/man/dehydrated-nsupdate.1.rst new file mode 100644 index 0000000..bf6be3c --- /dev/null +++ b/dehydrated/share/man/dehydrated-nsupdate.1.rst @@ -0,0 +1,116 @@ +.. Open Infrastructure: service-tools + +.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +=================== +dehydrated-nsupdate +=================== + +--------------------------------------- +dehydrated hook for dns-01 verification +--------------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **dehydrated-nsupdate** + +Description +=========== + +**dehydrated** is a client for ACME-based Certificate Authorities, such as +LetsEncrypt. It can be used to request and obtain TLS certificates from an +ACME-based certificate authority. + +The **dehydrated-nsupdate** hook implements the dns-01 verification. It is +typically run together with **dehydrated-hook** as: + +| /etc/dehydrated/hook.d/deploy_challenge.nsupdate + +| /etc/dehydrated/hook.d/clean_challenge.nsupdate + +Features +======== + +**dehydrated-nsupdate** has the following features: + +| **automatic nameserver detection** +| **dehydrated-nsupdate** automatically finds and updates all authoritative +| nameservers for a given record by looking up the records in the DNS by itself. + +| **proper CNAME support** +| **dehydrated-nsupdate** follows CNAMEs delegating the TXT record creation to +| another zone. + +| **handling nameserver subzone shortcuts** +| **dehydrated-nsupdate** correctly handles authoritative nameserver +| answers that give shortcut answers for their own zones when using +| multiple subzones. + +| **TSIG support** +| **dehydrated-nsupdate** uses TSIG, if provided, to authenticate +| itself to the nameserver. + +| **proper removal of TXT records** +| **dehydrated-nsupdate** removes records after succesfull verification. + +| **bind9-dnsutils and knot-dnsutils support* +| **dehydrated-nsupdate** works with both nsupdate (bind9) and knsupdate (knot). + +Files +===== + +The following files are used: + +/etc/dehydrated/tsig.key: + default location for the TSIG key to be used. + +/etc/default/dehydrated-nsupdate, /etc/default/dehydrated-nsupdate.d/*: + configuration file, currently only used for TSIG_KEYFILE variable pointing + to the tsig.key file to be used (default: /etc/dehydrated/tsig.key). + +See also +======== + +| dehydrated(1), +| dehydrated-hook(1). + +Homepage +======== + +More information about service-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +service-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. |