Web lists-archives.com

Re: [Samba] dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)




Am 15.01.19 um 19:47 schrieb Kris Lou via samba:
> Just to clarify, your hook allows dehydrated to lookup DNS to an internal
> Samba (or Bind_DLZ) server for DNS-01 verification in certificate
> generation?

It allows dehydrated to *add* DNS entries to authenticate domain
ownership to LetsEncrypt. And then to generate certs for this domain,
yeah. Obviously this only works if your domain is externally
connectable, DOMAIN.LOCAL won't do. But IIRC the documentation, it's not
a good solution anyways.

We actually use dnsdist and powerdns for our DNS-Domains. Our AD-Domain
is a subdomain of one and gets requests for that subdomain via dnsdist

Best,
Jakob


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba