summaryrefslogtreecommitdiffstats
path: root/dehydrated
diff options
context:
space:
mode:
Diffstat (limited to 'dehydrated')
-rw-r--r--dehydrated/share/man/dehydrated-hook.1.rst3
-rw-r--r--dehydrated/share/man/dehydrated-nsupdate.1.rst116
2 files changed, 118 insertions, 1 deletions
diff --git a/dehydrated/share/man/dehydrated-hook.1.rst b/dehydrated/share/man/dehydrated-hook.1.rst
index 6aef673..2a8951c 100644
--- a/dehydrated/share/man/dehydrated-hook.1.rst
+++ b/dehydrated/share/man/dehydrated-hook.1.rst
@@ -84,7 +84,8 @@ The following files are used:
See also
========
-| dehydrated(1)
+| dehydrated(1),
+| dehydrated-nsupdate(1).
Homepage
========
diff --git a/dehydrated/share/man/dehydrated-nsupdate.1.rst b/dehydrated/share/man/dehydrated-nsupdate.1.rst
new file mode 100644
index 0000000..bf6be3c
--- /dev/null
+++ b/dehydrated/share/man/dehydrated-nsupdate.1.rst
@@ -0,0 +1,116 @@
+.. Open Infrastructure: service-tools
+
+.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+..
+.. SPDX-License-Identifier: GPL-3.0+
+..
+.. This program is free software: you can redistribute it and/or modify
+.. it under the terms of the GNU General Public License as published by
+.. the Free Software Foundation, either version 3 of the License, or
+.. (at your option) any later version.
+..
+.. This program is distributed in the hope that it will be useful,
+.. but WITHOUT ANY WARRANTY; without even the implied warranty of
+.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.. GNU General Public License for more details.
+..
+.. You should have received a copy of the GNU General Public License
+.. along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+===================
+dehydrated-nsupdate
+===================
+
+---------------------------------------
+dehydrated hook for dns-01 verification
+---------------------------------------
+
+:manual section: 1
+:manual group: Open Infrastructure
+
+Synopsis
+========
+
+| **dehydrated-nsupdate**
+
+Description
+===========
+
+**dehydrated** is a client for ACME-based Certificate Authorities, such as
+LetsEncrypt. It can be used to request and obtain TLS certificates from an
+ACME-based certificate authority.
+
+The **dehydrated-nsupdate** hook implements the dns-01 verification. It is
+typically run together with **dehydrated-hook** as:
+
+| /etc/dehydrated/hook.d/deploy_challenge.nsupdate
+
+| /etc/dehydrated/hook.d/clean_challenge.nsupdate
+
+Features
+========
+
+**dehydrated-nsupdate** has the following features:
+
+| **automatic nameserver detection**
+| **dehydrated-nsupdate** automatically finds and updates all authoritative
+| nameservers for a given record by looking up the records in the DNS by itself.
+
+| **proper CNAME support**
+| **dehydrated-nsupdate** follows CNAMEs delegating the TXT record creation to
+| another zone.
+
+| **handling nameserver subzone shortcuts**
+| **dehydrated-nsupdate** correctly handles authoritative nameserver
+| answers that give shortcut answers for their own zones when using
+| multiple subzones.
+
+| **TSIG support**
+| **dehydrated-nsupdate** uses TSIG, if provided, to authenticate
+| itself to the nameserver.
+
+| **proper removal of TXT records**
+| **dehydrated-nsupdate** removes records after succesfull verification.
+
+| **bind9-dnsutils and knot-dnsutils support*
+| **dehydrated-nsupdate** works with both nsupdate (bind9) and knsupdate (knot).
+
+Files
+=====
+
+The following files are used:
+
+/etc/dehydrated/tsig.key:
+ default location for the TSIG key to be used.
+
+/etc/default/dehydrated-nsupdate, /etc/default/dehydrated-nsupdate.d/*:
+ configuration file, currently only used for TSIG_KEYFILE variable pointing
+ to the tsig.key file to be used (default: /etc/dehydrated/tsig.key).
+
+See also
+========
+
+| dehydrated(1),
+| dehydrated-hook(1).
+
+Homepage
+========
+
+More information about service-tools and the Open Infrastructure project can be
+found on the homepage (https://open-infrastructure.net).
+
+Contact
+=======
+
+Bug reports, feature requests, help, patches, support and everything else are
+welcome on the Open Infrastructure Software Mailing List
+<software@lists.open-infrastructure.net>.
+
+Debian specific bugs can also be reported in the Debian Bug Tracking System
+(https://bugs.debian.org).
+
+Authors
+=======
+
+service-tools were written by Daniel Baumann
+<daniel.baumann@open-infrastructure.net> and others.