Free DNS provider deSEC e.V. supported by Domino CertMgr
Daniel Nashed – 8 December 2021 15:32:00
Yesterday I got a blog post comment from Rainer asking about support for a DNS project I did not know about. Thanks Rainer for this question and tip!
It is a community driven project from a non profit organization providing free DNS.
They support Dyn DNS and provide DNS for dedicated domains.
For test purposed I registered a sub-domain "domino.dedyn.io".
This is a perfect fit for my Domino lab I am preparing for a one day DNUG Domino 12.0.1 CertMgr & certificate hands on workshop in January.
-------
Once you registered the account at https://desec.io you just have to specify your sub domain and an authorization token.
You can use the account with the new DNS-TXT API implementation I uploaded to the HCL GitHub project.
And it works well for
- A test domain for CertMgr testing
- Dyn DNS at home with a Domino server
- CNAME delegated DNS-01 requests for domain hosted at another provider
- And you can also use their UI or the REST API to create any type of DNS record for hosted servers
Some additional notes and a screen print
- This is also the most complex DNS-TXT API integration so far.
- The API has some limitations. Probably because of the way they designed their service back-end.
- So if you want to add another TXT record for a sub-domain/name, you have to first read the existing data and update the record with the new value.
- The REST based interface CertMgr in Domino 12.0 already provides query requests before an update or delete requests.
So I leveraged the query events to get the existing entries and had some @formula fun to calculate the updated record.
The integration is also a good reference how to build your own integrations.
You can download the new DXL file here --> https://github.com/HCL-TECH-SOFTWARE/domino-cert-manager/tree/main/dns-providers/desec
Tip: Take care to use the RAW format when downloading -- else you download the HTML stream.
With curl you could use this command-line:
curl -LO https://raw.githubusercontent.com/HCL-TECH-SOFTWARE/domino-cert-manager/main/dns-providers/desec/certstore_desec.dxl
-- Daniel
Here is a configuration once you have an account.
- Comments [3]
1Ulrich Krause 08.12.2021 17:24:40 Free DNS provider deSEC e.V. supported by Domino CertMgr
Great tipp. Thanks. Donated some money to the project.
2Peter Thomassen 08.12.2021 22:39:18 Free DNS provider deSEC e.V. supported by Domino CertMgr
Hi,
Thank you for writing on your experience with deSEC. Regarding your feedback on the RRset update API, we would love to discuss better solutions with you. Would you mind getting in touch with us via email?
Thanks!
Stay secure,
Peter
3Xiaoyun 06.11.2022 1:43:43 Free DNS provider deSEC e.V. supported by Domino CertMgr
Hi Daniel,
I followed the instructions and applied wildcard certificate within half an hour. It's easy to test the DNS-01 challenge now. Thanks!
Xiaoyun