• chevron_right

      acme-dns-tiny v3.0 has been released

      Adrien Dorsaz · / acme-dns-tiny · Monday, 15 August, 2022 - 19:00

    See release notes on acme-dns-tiny website and on the Gitlab project.

    acme-dns-tiny is simpler to configure thanks to the DNS resource records of type NS and SOA :-)

    Furthermore, by default, it times out if any server (ACME server or DNS server) doesn't responds timely (by default 10 seconds, to retrieve previous behavior disable it with value 0).

    • chevron_right

      acme-dns-tiny v2.4 released

      Adrien Dorsaz · / acme-dns-tiny · Friday, 1 October, 2021 - 20:45

    Feature fixed on v2.4:

    • correctly retrieve account information when it was already registred (afb7e988)
    • when DNS Host configuration is an IP address, use it correctly as name server (2776348a)
    • improve code stability by following hints from pyright (raises more explicit errors, fix function return type...)

    Continuous Integration:

    • Remove tests for Debian Jessie and add tests for Debian Bullseye (a745e655)
    • Validate all tests with the pebble tiny ACME server


    • Move documentation from wiki to /documentations directory so we can always synchronize it with code
    • chevron_right

      acme-dns-tiny 2.3 released

      Adrien Dorsaz · / acme-dns-tiny · Monday, 7 June, 2021 - 20:55

    Feature fixed on v2.3:

    • fix compatibility with dnspython 2.0 (#11)
    • fix issue when trying to apply DNS update on secondary server (thanks Sebastian Koechlin)
    • fix debug message when CNAME was not found
    • fix test chain assertion (a chain contains more than 1 certificate)

    Feature added:

    • skip already validated authorization challenge

    Continuous Integration improvement:

    • Debian Stretch tests were using Debian Jessie image
    • Enable Docker build uses BUILDKIT and the overlay2 filesystem driver


    • the .gitignore file has been simplified
    • chevron_right

      acme-dns-tiny v2.2 released and website updated

      Adrien Dorsaz · / acme-dns-tiny · Sunday, 14 June, 2020 - 17:23 edit

    I've just released v2.2 of acme-dns-tiny and updated texts on the project website.

    For the website, I hope it will be easier to understand what the project is.

    For the release v2.2, I wanted to just update continuous integration with my recent experience at job.

    Finally, it contains too code style update, check that acme-dns-tiny is compatible with the ACME RFC 8555 released since v2.1, some bug fixes which were already merged but never added to a release and some fixes backported from the acme-tiny upstream project.

    • chevron_right

      acme-dns-tiny v2.1 has been released WHITE SMILING FACE

      Adrien Dorsaz · / acme-dns-tiny · Sunday, 9 December, 2018 - 22:15

    v2.1 · Tags · Adrien Dorsaz / acme-dns-tiny

    This release does a jump from RFC draft 9 implementation to ACME RFC draft 16.

    Full details available on the tag v2.1.

    PS: that's not related to the recent dnspython 1.16 release 😉

    • chevron_right

      dnspython 1.16.0 has been announced

      Adrien Dorsaz · / acme-dns-tiny · Sunday, 9 December, 2018 - 19:56 edit

    Bob Halley has announced a new release of dnspython, a python library to do DNS stuff.

    As you may have seen, acme-dns-python heavily relies on dnspython to do its job and so we'll need to check if the script is still compatible with this new release.

    Please note that we should not have many troubles with the next 2.x release of dnspython as, acme-dns-python is already thought to be used only with Python 3.

    • Google Groups

      Mit Google Groups können Sie Online-Foren und E-Mail-basierte Gruppen erstellen, sich daran beteiligen und interessante Diskussionen mit anderen Mitgliedern führen.

    • chevron_right

      acme-dns-tiny v2.0 has been released

      Adrien Dorsaz · / acme-dns-tiny · Thursday, 3 May, 2018 - 18:49


    As announced last March, I've released the v2 branch in the master branch.

    If you want to continue to use the older Let's Encrypt API, please don't follow master branch, but be sure to use the tags v1.*.

    Note, I won't continue development of this version, as the ACME current draft allows to run wildcard requests and the developments made for the v2 branches have almost changed all the code.

    I wanted to take the oportunity too to thanks Gigadoc2 for its two interesting requests: the --csr command line option and the finer grained DNS policy update by use of CNAME.

    You'll find more details on the Gitalb tag v2.0 page:

    See you

    • chevron_right

      Coming soon: new release v2.0 compatible with Let's Encrypt API v2 (known as RFC ACME draft 09)

      Adrien Dorsaz · / acme-dns-tiny · Wednesday, 21 March, 2018 - 17:30 · 1 minute


    Let's Encrypt has announced their new API production endpoint is now available.

    That means you can now use the acme-dns-tiny code from branch v2 to use their new API and receive wilcard certificates.

    I've already used it on my own server and it seems to work well. I'll merge this branch in master by end of the week. Please be sure to follow tags instead of master branch on your productions to be sure to use the version you need.

    About the new code available in v2:

    • It's only compatible with ACME RFC draft-09 (the one currently used by Let's Encrypt) and can ask wildcard certificates
    • It has replaced the CheckChallengeDelay option by a TTL one which will be used to install TXT records on your server and wait before asking to check the challenge (defaulted to 10 seconds)
    • The way to declare contact options has been updated to follow the draft-09 recommendation
    • It has now a --verbose command argument to have a little bit more output
    • tools to deactivate an ACME account and to rollover keys have been updated too

    And, for advanced users:

    • For those who need to install exactly same configuration file on multiple servers, you can use the --csr command argument to specify the CSR file path (which is the option which will be different in this case)
    • If you installed a CNAME on domains prefixed by _acme-challenge, it will be followed to install the TXT records on the alias instead (note, it won't follow a chain of CNAME, just one alias). That allows you to configure TSIG keys on a different zone and have more precise DNS update policy.

    Hoping you'll like it !