Automating changes of TXT records in DNS

daBee

New Member
Let's wait for them to package the whole service together, with proper documentation. I'm sure it's quite involved on the back end.
 

zef

New Member
The new endpoints at https://dynamic.zoneedit.com/txt-create.php and https://dynamic.zoneedit.com/txt-delete.php don't seem to work. If you try to add or delete records using these endpoints, the changes are only visible on the website. When querying the actual DNS servers, the old records are returned. So the scripts are not notifying the DNS servers to reload/apply the new zone config, like the web interface does.
I'm using acme.sh and the DNS verification method using those ZoneEdit endpoints that I've linked above on GitHub with great success. The web interface updates immediately, but the DNS systems need time to propagate. acme.sh will by default wait until valid DNS records are returned before submitting its request to the cert authority.

The only problem I've had lately is ZeroSSL's API being unreliable so I switched back to Let's Encrypt. (acme.sh --server letsencrypt --set-default-ca)
 

atakama

New Member
Indeed, updates via the API take more than 1 minute to apply. Waiting for the new records to be returned does the trick, thanks for the tip!
 
Reactions: zef
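
The wait described in the two posts above (hold off on CA validation until the new TXT record is actually being served), as an added example that is not from any poster, acme.sh or ZoneEdit. The record name, expected token, and nameserver list are supplied by the caller, and checking every listed nameserver rather than a single resolver is an assumption of this sketch.

```sh
#!/bin/sh
# Added example: poll each authoritative nameserver until the ACME
# challenge TXT value is served, so validation is not attempted early.

# Query one nameserver for TXT records; dig prints each value in double quotes.
lookup_txt() {  # $1 = record name, $2 = nameserver
    dig +short +time=3 +tries=1 TXT "$1" @"$2" 2>/dev/null
}

# Succeeds only if every listed nameserver returns the expected value.
all_servers_have_txt() {  # $1 = name, $2 = expected value, rest = nameservers
    name=$1 expected=$2
    shift 2
    for ns in "$@"; do
        # Strip dig's quotes, then require an exact whole-line match.
        lookup_txt "$name" "$ns" | tr -d '"' | grep -Fxq -- "$expected" || return 1
    done
    return 0
}

# Poll until the record is visible everywhere or the timeout is reached.
wait_for_txt() {  # $1 = name, $2 = expected, $3 = timeout (s), $4 = interval (s), rest = nameservers
    name=$1 expected=$2 timeout=$3 interval=$4
    shift 4
    elapsed=0
    while :; do
        if all_servers_have_txt "$name" "$expected" "$@"; then
            echo "propagated after ${elapsed}s"
            return 0
        fi
        [ "$elapsed" -ge "$timeout" ] && break
        sleep "$interval"
        elapsed=$((elapsed + interval))
    done
    echo "timed out after ${elapsed}s: stale or missing TXT on at least one nameserver" >&2
    return 1
}
```

A non-zero return from `wait_for_txt` gives a renewal script a clear failure to report instead of a rejected challenge at the CA.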

zef

New Member
Again, any new notes on this renewal process?
Are you waiting for a turn-key solution from ZE? (Edit for future readers: I fail at words, I should have asked something along the lines of "what would you like to accomplish?" For instance, if you just want to run your own web server, Caddy Server (*) would be pretty turn-key. By default, automagical ACME SSL certificates without needing to touch DNS. This thread was started late 2017, so I'm guessing progress will probably be slow, but that's fine, we have lots of ways to accomplish what we want, that's why we like running our own services, right?)

(*) I didn't know Caddy existed until I saw it used in a Docker container. So far I've been enjoying it on my public facing server.
 

daBee

New Member
> Are you waiting for a turn-key solution from ZE?

I know some of this might be difficult reading, but on Jan 10, we were conversing about...a solution from Zoneedit with regards to the DNS entries. Stop being so bloody rude.
 

zef

New Member
> I know some of this might be difficult reading, but on Jan 10, we were conversing about...a solution from Zoneedit with regards to the DNS entries. Stop being so bloody rude.

I was trying hard not to sound rude, I edited it several times hoping it would not come off that way. Sorry about that, I'm just genuinely curious what you were hoping ZE was going to provide that would be any better than what the opensource community has already provided.

@sandy, I have a question, is the solution going to be a more complete API? Or are there plans for maybe some kind of web interface to generate the certificate and keys which you can then download to your server? (I've seen this with another service provider I use.)

Edit: I've been wondering too because I was working on acme.sh integration for ZE. If the temporary API is getting replaced soon, I shouldn't spend additional time on it. I have it working well enough, but not what I consider perfect and ready to submit to acme.sh official.
 

daBee

New Member
Open source didn't work, as I posted. Second, I'd trust ZE to know more about their internal structure to provide a solution. Third, they said they were working on something, so I was expecting something from them. They are the best qualified, as I see it, seeing I would be modifying my records in their system.

Given the fact that some certs require renewal every 3 months, a proper script to achieve this and get success or failure, would be pragmatic.
 

daBee

New Member
I just switched to the `acme.sh` solution using `zerossl.com`. Could use a little polishing, but it works.
 