Automating changes of TXT records in DNS

Let's wait for them to package the whole service together, with proper documentation. I'm sure it's quite involved on the back end.
 
atakama said:
The new endpoints at https://dynamic.zoneedit.com/txt-create.php and https://dynamic.zoneedit.com/txt-delete.php don't seem to work. If you try to add or delete records using these endpoints, the changes are only visible on the website. When querying the actual DNS servers, the old records are returned. So the scripts are not notifying the DNS servers to reload/apply the new zone config, like the web interface does.
Click to expand...
I'm using acme.sh and the DNS verification method using those ZoneEdit endpoints that I've link above on github with great success. The web interface updates immediately, but the DNS systems need time to propagate. acme.sh will by default wait until valid DNS records are returned before submitting its request to the cert authority.

The only problem I've had lately is ZeroSSL's API being unreliable so I switched back to Let's Encrypt. (acme.sh --server letsencrypt --set-default-ca)
 
Indeed, updates via the API take more than 1 minute to apply. Waiting for the new records to be returned does the trick, thanks for the tip!
 
  • Like
Reactions: zef
daBee said:
Again, any new notes on this renewal process?
Click to expand...
Are you waiting for a turn-key solution from ZE? (Edit for future readers: I fail at words, I should have asked something along the lines of what would you like to accomplish?. For instance, if just want to run your own web server, Caddy Server (*) would be pretty turn-key. By default, automagical ACME SSL certificates without needing to touch DNS. This thread was started late 2017, so I'm guessing progress will probably be slow, but that's fine, we have lots of ways to accomplish what we want, that's why we like running our own services, right?)

(*) I didn't know Caddy existed until I saw it used in a Docker container. So far I've been enjoying it on my public facing server.
 
Last edited:
zef said:
Are you waiting for a turn-key solution from ZE?
Click to expand...

I know some of this might be difficult reading, but on Jan 10, we were conversing about...a solution from Zoneedit with regards to the DNS entries. Stop being so bloody rude.
 
daBee said:
I know some of this might be difficult reading, but on Jan 10, we were conversing about...a solution from Zoneedit with regards to the DNS entries. Stop being so bloody rude.
Click to expand...
I was trying hard not to sound rude, I edited it several times hoping it would not come off that way. Sorry about that, I'm just genuinely curious what you were hoping ZE was going to provide that would be any better than what the opensource community has already provided.

@sandy, I have a question, is the solution going to be a more complete API? Or are there plans for maybe some kind of web interface to generate the certificate and keys which you can then downloaded to your server? (I've seen this with another service provider I use.)

Edit: I've been wondering too because I was working on acme.sh integration for ZE. If the temporary API is getting replaced soon, I shouldn't spend additional time on it. I have it working good enough, but not what I consider perfect and ready to submit to acme.sh official.
 
Last edited:
Open source didn't work, as I posted. Second, I'd trust ZE to know more about their internal structure to provide a solution. Third, they said they were working on something, so I was expecting something from them. They are the best qualified, as I see it, seeing I would be modifying my records in their system.

Given the fact that some certs require renewal every 3 months, a proper script to achieve this and get success or failure, would be pragmatic.
 
I just switched to the `acme.sh` solution using `zerossl.com`. Could use a little polishing, but it works.
 
You must log in or register to reply here.
Back
Top