nrdcg/goacmedns
A Go library to handle acme-dns client communication and persistent account storage.
You may also be interested in a Python equivalent, pyacmedns.
Once you have installed Go 1.21+ you can install `goacmedns` with `go install`:

```bash
go install github.com/nrdcg/goacmedns/cmd/goacmedns@latest
```
The following is a short example of using the library to update a TXT record served by an acme-dns instance.

```go
package main

import (
	"context"
	"errors"
	"log"

	"github.com/nrdcg/goacmedns"
	"github.com/nrdcg/goacmedns/storage"
)

const (
	domain = "your.example.org"
)

var (
	whitelistedNetworks = []string{"192.168.11.0/24", "[::1]/128"}
)

func main() {
	// Initialize the client. Point it towards your acme-dns instance.
	client, err := goacmedns.NewClient("https://auth.acme-dns.io")
	if err != nil {
		log.Fatal(err)
	}

	ctx := context.Background()

	// Initialize the storage.
	// If the file does not exist, it will be automatically created.
	// The file holds the acme-dns account credentials, hence mode 0600.
	st := storage.NewFile("/tmp/storage.json", 0600)

	// Check if credentials were previously saved for your domain.
	account, err := st.Fetch(ctx, domain)
	if err != nil {
		if !errors.Is(err, storage.ErrDomainNotFound) {
			log.Fatal(err)
		}

		// The account did not exist.
		// Let's create a new one. The whitelisted networks parameter is optional and can be nil.
		newAcct, err := client.RegisterAccount(ctx, whitelistedNetworks)
		if err != nil {
			log.Fatal(err)
		}

		// Save it.
		err = st.Put(ctx, domain, newAcct)
		if err != nil {
			log.Fatalf("Failed to put account in storage: %v", err)
		}

		err = st.Save(ctx)
		if err != nil {
			log.Fatalf("Failed to save storage: %v", err)
		}

		account = newAcct
	}

	// Update the acme-dns TXT record.
	err = client.UpdateTXTRecord(ctx, account, "___validation_token_recieved_from_the_ca___")
	if err != nil {
		log.Fatal(err)
	}
}
```
When using `goacmedns` with an ACME client hook, it may be desirable to do the initial ACME-DNS account creation and CNAME delegation ahead of time.
The `goacmedns` command line utility provides an easy way to do this:

```bash
go install github.com/nrdcg/goacmedns/cmd/goacmedns@latest
goacmedns -api http://10.0.0.1:4443 -domain example.com -allowFrom 192.168.100.1/24,1.2.3.4/32,2002:c0a8:2a00::0/40 -storage /tmp/example.storage.json
```

This will register an account for `example.com` that is only usable from the specified CIDR `-allowFrom` networks with the ACME-DNS server at `http://10.0.0.1:4443`, saving the account details in `/tmp/example.storage.json` and printing the required CNAME record for the `example.com` DNS zone to stdout.
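
Because the allowed networks decide where an account's credentials can be used from, it is worth checking the list passed as `whitelistedNetworks` or `-allowFrom` before registering. The following is an added example, not part of goacmedns: the function name `CheckAllowFrom` and the minimum prefix lengths are assumptions chosen for illustration, and it uses only the Go standard library.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Minimum prefix lengths accepted by this check (assumed policy, not an acme-dns rule).
const (
	minBitsV4 = 16
	minBitsV6 = 48
)

// CheckAllowFrom normalizes each CIDR entry and returns the cleaned list plus
// warnings for entries that had host bits set or are broader than the policy.
func CheckAllowFrom(entries []string) (clean []string, warnings []string, err error) {
	for _, raw := range entries {
		// Accept the bracketed IPv6 form used in the library example ("[::1]/128").
		s := strings.NewReplacer("[", "", "]", "").Replace(strings.TrimSpace(raw))
		p, perr := netip.ParsePrefix(s)
		if perr != nil {
			return nil, nil, fmt.Errorf("allowFrom entry %q: %w", raw, perr)
		}
		if masked := p.Masked(); masked != p {
			warnings = append(warnings, fmt.Sprintf("%s has host bits set, using %s", raw, masked))
			p = masked
		}
		limit := minBitsV6
		if p.Addr().Is4() {
			limit = minBitsV4
		}
		if p.Bits() < limit {
			warnings = append(warnings, fmt.Sprintf("%s is broader than /%d", p, limit))
		}
		clean = append(clean, p.String())
	}
	return clean, warnings, nil
}

func main() {
	// Constructed input: the -allowFrom values from the CLI example plus "[::1]/128".
	in := []string{"192.168.100.1/24", "1.2.3.4/32", "2002:c0a8:2a00::0/40", "[::1]/128"}
	clean, warnings, err := CheckAllowFrom(in)
	fmt.Println(clean, warnings, err)
}
```
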