pub-solar/infra
6
1
Fork 3
Code Issues 23 Pull requests 10 Actions Packages Projects 1 Releases Wiki Activity

garage: fix wildcard DNS cert renewal with wildcard CNAME records #245

Merged
teutat3s merged 1 commit from fix-dns-cert-renewal into main 2024-10-24 12:51:41 +00:00
Conversation 0 Commits 1 Files changed 2 +47 -46
teutat3s commented 2024-10-23 18:23:57 +00:00
Owner
Copy link

By usind wildcard CNAME records for *.buckets.pub.solar and *.web.pub.solar, we make lego
think it needs to validate challenges using these CNAME records. We actually want regular
_acme-challenge.* records, so use a environment variable to avoid CNAME
detection. This fixes DNS cert renewal. Still curious? See:
https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme/

By usind wildcard CNAME records for `*.buckets.pub.solar` and `*.web.pub.solar`, we make `lego` think it needs to validate challenges using these CNAME records. We actually want regular _acme-challenge.* records, so use a environment variable to avoid CNAME detection. This fixes DNS cert renewal. Still curious? See: https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme/
teutat3s added 1 commit 2024-10-23 18:23:58 +00:00
garage: fix wildcard DNS cert renewal with wildcard
All checks were successful
Flake checks / Check (pull_request) Successful in 20m13s
Details
9758aeda5d 
CNAME records

By usind wildcard CNAME records, we make lego think it needs to validate
challenges using these CNAME records. We actually want regular
_acme-challenge.* records, so use a environment variable to avoid CNAME
detection. This fixes DNS cert renewal. Still curious? See:
https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme/
teutat3s requested review from b12f 2024-10-23 18:24:07 +00:00
teutat3s requested review from hensoko 2024-10-23 18:24:07 +00:00
teutat3s requested review from axeman 2024-10-23 18:24:07 +00:00
hensoko approved these changes 2024-10-24 12:35:32 +00:00
teutat3s merged commit cef7a561f3 into main 2024-10-24 12:51:41 +00:00
teutat3s deleted branch fix-dns-cert-renewal 2024-10-24 12:51:41 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
b12f
axeman
hensoko
Labels
Clear labels   
Bug

   
Docs

   
Feature request

   
Good for newcomers

   
Infra

   
Privacy

   
Refactoring or migration

   
Security
No labels
Bug
Docs
Feature request
Good for newcomers
Infra
Privacy
Refactoring or migration
Security
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: pub-solar/infra#245
No description provided.
Delete branch "fix-dns-cert-renewal"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?