Added validation with ns1.com DNS. Documentation updated accordingly #26
Looks great at first glance! Thanks a lot already! I'll take a closer look this weekend.
LGTM
Thanks a lot for doing this!
@@ -140,12 +140,18 @@ With this config, if `/var/www/challenges/` is empty, your HTTP server will beha | |||
|
|||
If DNS challenges are used, the following variables define how the challenges can be fulfilled: | |||
|
|||
- `dns_provider`: must be one of `route53`, `hosttech` or `gcdns`. Each needs more information: | |||
- `dns_provider`: must be one of `route53`, `hosttech`, `gcdns` or `ns1`. Each needs more information: |
It's probably time to remove `gcdns`; I implemented it only partially, and since apparently nobody bothered to fix it, I guess I'll remove it.
curl --create-dirs -L -o ~/.ansible/plugins/modules/ns1_record.py https://github.com/ns1/ns1-ansible-modules/raw/master/library/ns1_record.py | ||
``` | ||
|
||
Please note that the DNS challenge code is experimental. The Route 53, Hosttech and NS1 functionality has been tested. Also, the code tries to extract the DNS zone from the domain by taking the last two components separated by dots. This will fail for example for `.co.uk` domains or other nested zones. |
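Review bot: The last sentences of this paragraph now cover NS1 as well, and the zone is still guessed from the last two labels of the domain, so a certificate for a name under a nested zone such as `.co.uk` cannot get its challenge record created at NS1. Suggest adding an optional variable (name to be chosen) that lets the user state the zone explicitly, and falling back to the two-label guess only when it is unset.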
I guess I can remove the experimental, after a couple of years of using it in production...
Please note that the DNS challenge code is experimental. The Route 53 and Hosttech functionality has been tested. Also, the code tries to extract the DNS zone from the domain by taking the last two components separated by dots. This will fail for example for `.co.uk` domains or other nested zones. | ||
```bash | ||
curl --create-dirs -L -o ~/.ansible/plugins/module_utils/ns1.py https://github.com/ns1/ns1-ansible-modules/raw/master/module_utils/ns1.py | ||
curl --create-dirs -L -o ~/.ansible/plugins/modules/ns1_record.py https://github.com/ns1/ns1-ansible-modules/raw/master/library/ns1_record.py |
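Review bot: Both `curl` lines pull module code from `raw/master`, so the files written into `~/.ansible/plugins/` change whenever the upstream branch moves and are then run by Ansible with no integrity check. Suggest pinning both URLs to a tag or full commit SHA of ns1/ns1-ansible-modules and adding `--fail`, since `curl -L -o` without it saves an HTTP error page as the `.py` file when the request fails.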
That would get a lot easier if the modules were in a collection (ns1/ns1-ansible-modules#32). Also reminds me that I should put the hosttech modules into a collection...
Totally agree with you. Thanks for finding the issue in the NS1 repository, I voted for it too.
When the NS1 code is published as a collection, I'll update the Readme of your acme-certificate role accordingly.
Thank you very much
Hi. Thank you for sharing this role, it's very useful.
I want to propose updating the list of DNS-01 challenges with the `ns1` provider (https://ns1.com/).
Two new files were added by this PR. They are similar to the existing tasks for the `route53` challenge.
Functionality was tested on Ubuntu 18.04 with Ansible 2.9.6 by creating and checking several certificates (wildcard and usual).
dns-ns1-create.yml additionally checks whether the DNS record is already publicly available. I used the 'dig' utility, assuming it's preinstalled in most distributions, but maybe you will decide to replace it with the simple 'pause' module as already used in dns-hosttech-create.yml.
The functionality depends on the additional module ns1_record located in https://github.com/ns1/ns1-ansible-modules, so I described this in README.md with an example of where to get and place the necessary files.
I'll be glad to help in case of any questions.
Thank you.
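
The `dig`-based propagation check mentioned in the description, as an added example that is not part of this PR or the role's code: it asks every authoritative nameserver of the zone directly for the `_acme-challenge` TXT value and succeeds only when all of them return it. The function names, the `DIG` override variable and the sample names in the comments are assumptions made for illustration.

```bash
# Added example (not the role's code): confirm an ACME DNS-01 TXT record is
# served by every authoritative nameserver before asking the CA to validate.
# DIG is an assumed override hook so the logic can be exercised without network.
DIG="${DIG:-dig}"

# txt_on_server NAME EXPECTED SERVER
# Succeeds if SERVER itself answers with EXPECTED as one TXT value.
txt_on_server() {
    # +norecurse asks the server for its own data; +short prints one quoted
    # value per line, so strip the quotes and require an exact line match.
    "$DIG" +short +norecurse TXT "$1" "@$3" 2>/dev/null \
        | tr -d '"' | grep -Fxq -- "$2"
}

# txt_propagated ZONE NAME EXPECTED
# Returns 0 if all nameservers serve the value, 1 if any does not,
# 2 if the NS lookup gave nothing (never treat "no servers" as success).
# ZONE is passed explicitly instead of being guessed from NAME.
txt_propagated() {
    p_servers="$("$DIG" +short NS "$1" 2>/dev/null)"
    [ -n "$p_servers" ] || return 2
    for p_ns in $p_servers; do
        txt_on_server "$2" "$3" "${p_ns%.}" || return 1
    done
    return 0
}

# wait_for_txt ZONE NAME EXPECTED [TRIES] [DELAY_SECONDS]
# Polls until propagation is complete or TRIES is exhausted.
wait_for_txt() {
    w_tries="${4:-30}"; w_delay="${5:-10}"; w_i=1
    while [ "$w_i" -le "$w_tries" ]; do
        txt_propagated "$1" "$2" "$3" && return 0
        if [ "$w_i" -lt "$w_tries" ]; then sleep "$w_delay"; fi
        w_i=$((w_i + 1))
    done
    return 1
}

# Example call (constructed names):
#   wait_for_txt example.co.uk _acme-challenge.www.example.co.uk "$token" 12 10
```

Querying the authoritative servers instead of a recursive resolver avoids waiting on a cached negative answer, and passing the zone as an argument sidesteps the two-label guess that breaks on nested zones.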