
    acme-dns-tiny v2.0 has been released

    Adrien Dorsaz – community.adorsaz.ch / acme-dns-tiny – Thursday, 3 May - 18:49

Hello,

As announced last March, I've released the v2 branch in the master branch.

If you want to continue to use the older Let's Encrypt API, please don't follow the master branch, but be sure to use the v1.* tags.

Note that I won't continue development of this version, as the current ACME draft allows wildcard requests and the developments made for the v2 branches have changed almost all the code.

I also wanted to take the opportunity to thank Gigadoc2 for their two interesting requests: the --csr command line option and the finer-grained DNS update policy through the use of CNAME.

You'll find more details on the GitLab tag v2.0 page: https://projects.adorsaz.ch/adrien/acme-dns-tiny/tags/v2.0

See you


    Coming soon: new release v2.0 compatible with Let's Encrypt API v2 (known as RFC ACME draft 09)

    Adrien Dorsaz – community.adorsaz.ch / acme-dns-tiny – Wednesday, 21 March - 17:30

Hello,

Let's Encrypt has announced their new API production endpoint is now available.

That means you can now use the acme-dns-tiny code from branch v2 to use their new API and receive wildcard certificates.

I've already used it on my own server and it seems to work well. I'll merge this branch into master by the end of the week. Please be sure to follow tags instead of the master branch in production to be sure you use the version you need.

About the new code available in v2:

  • It's only compatible with ACME RFC draft-09 (the one currently used by Let's Encrypt) and can request wildcard certificates
  • It has replaced the CheckChallengeDelay option with a TTL option, which is used when installing TXT records on your server and for the wait before asking to check the challenge (defaults to 10 seconds)
  • The way to declare contact options has been updated to follow the draft-09 recommendation
  • It now has a --verbose command argument for a little more output
  • Tools to deactivate an ACME account and to roll over keys have been updated too

And, for advanced users:

  • For those who need to install exactly the same configuration file on multiple servers, you can use the --csr command argument to specify the CSR file path (which is the option that will differ in this case)
  • If you installed a CNAME on domains prefixed by _acme-challenge, it will be followed to install the TXT records on the alias instead (note: it won't follow a chain of CNAMEs, just one alias). That allows you to configure TSIG keys on a different zone and have a more precise DNS update policy.

Hoping you'll like it!
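
The single-alias CNAME behaviour described in the post above, sketched as an added example (not acme-dns-tiny's own code): it works out which name a TSIG key would need update rights on, flags a CNAME chain, and computes the dns-01 TXT content as ACME defines it. The zone data, domain names, token, thumbprint and function names are all constructed assumptions.

```python
import base64
import hashlib

# Constructed zone data (not from the original post): name -> (record type, value).
SAMPLE_ZONE = {
    "_acme-challenge.example.org.": ("CNAME", "example-org.acme.example.net."),
    "_acme-challenge.chain.example.org.": ("CNAME", "hop1.acme.example.net."),
    "hop1.acme.example.net.": ("CNAME", "hop2.acme.example.net."),
}


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def txt_value(token: str, account_thumbprint: str) -> str:
    """dns-01 TXT content: base64url(SHA-256(token "." thumbprint))."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    return b64url(hashlib.sha256(key_authorization).digest())


def challenge_target(domain: str, zone=SAMPLE_ZONE):
    """Return (name_to_update, warning) for a domain, following one CNAME only."""
    # A wildcard is validated on its base name: *.example.org -> example.org
    base = domain[2:] if domain.startswith("*.") else domain
    name = f"_acme-challenge.{base.rstrip('.').lower()}."
    rtype, value = zone.get(name, (None, None))
    if rtype != "CNAME":
        return name, None  # no alias: the record lives in the domain's own zone
    target = value.lower()
    # Only one alias is followed (per the post), so a chain is flagged
    # here rather than resolved further.
    if zone.get(target, (None, None))[0] == "CNAME":
        return target, f"{target} is itself a CNAME; chains are not followed"
    return target, None


if __name__ == "__main__":
    for d in ("*.example.org", "chain.example.org", "plain.example.org"):
        print(d, "->", challenge_target(d))
    print("TXT:", txt_value("constructed-token", "constructed-thumbprint"))
```

With the alias in place, the TSIG key only needs update rights on the delegated name (here `example-org.acme.example.net.`), not on the whole `example.org` zone.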