Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dns-01 challenge data is not provided for teardown #312

Closed
domrim opened this issue Jun 12, 2023 · 2 comments
Closed

dns-01 challenge data is not provided for teardown #312

domrim opened this issue Jun 12, 2023 · 2 comments

Comments

@domrim
Copy link

domrim commented Jun 12, 2023

The ACME-Standard allows to have multiple challenges for the same FQDN at the same time. (As multiple TXT records can exist for one FQDN)

The described functionality of the MDChallengeDns01 executable has following statement:

/usr/bin/acme-setup-dns teardown mydomain.com
# this needs to remove all existing DNS TXT records for 
# _acme-challenge.mydomain.com

This does not allow to only delete the challenge which was deployed for this apache. This is prevents deployments with redundant web servers (like anycasted ones, ...) using apache and mod_md.

I would suggest to also provide the challenge for the teardown command.
@icing
Copy link
Owner

icing commented Jun 13, 2023

Sounds like a reasonable suggestion to me.

icing added a commit that referenced this issue Jul 12, 2023
@icing
* New directive MDChallengeDns01Version. Setting this to 2 will …
3944689 
…provide

   the command also with the challenge value on `teardown` invocation. In version
   1, the default, only the `setup` invocation gets this parameter.
   Refs #312. Thanks to @domrim for the idea.
@icing icing mentioned this issue Jul 12, 2023
Merged
@icing
Copy link
Owner

icing commented Jul 12, 2023
edited
Loading

Just provided this to master, part of the next release. For backward compatibility, one needs to configure MDChallengeDns01Version 2 globally, then the script gets the challenge on teardown.

Thanks for the suggestion.

@icing icing closed this as completed Jul 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@icing @domrim