Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed

Setting TXT records via AWS CLI for ACME DNS-01 challenges

Daniel Nashed – 13 May 2021 06:57:00

Most of the Domino V12 CertMgr integrations for DNS-01 challenges I have built so far leverage REST API interfaces.

This isn't an option for AWS DNS. But we finally found a straightforward way using the AWS CLI.

All the AWS Route 53 implementations I saw for other ACME implementations looked pretty complicated.


We just authorized the machine to modify the DNS subdomain. The request looks like what you see below. You can just specify a JSON file.

In my final script I just pass the zone ID and replace the variables I added in place of the sample values below.


This might also be useful for others integrating with AWS for TXT record updates -- or even other DNS automation.


You will find the full integration script later in the planned HCL open source GitHub repo for Domino V12 CertMgr along with more DNS-01 API integration configurations.

If you need this for CertMgr today, just ping me.


-- Daniel



Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/simple-resource-record-route53-cli/

Example command and JSON file:


aws route53 change-resource-record-sets --hosted-zone-id Z012345671ABCD123L42 --change-batch file://txt_create.json

The inner quotes in the value are important. AWS expects an inner quoted string for TXT records.



txt_create.json
---------------

{
  "Changes": [
    {
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "_acme-challenge.newton.acme.com",
        "Type": "TXT",
        "TTL": 30,
        "ResourceRecords": [
          {
            "Value": "\"duakBxodnTeocISUOQr1vnQfQ09Axv0Sihk0GrHSevI\""
          }
        ]
      }
    }
  ]
}
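One way to do the variable substitution mentioned above, as an added example that is not the CertMgr integration script: the change batch is generated from parameters, and each parameter is validated first so that nothing other than a well-formed `_acme-challenge` TXT record can end up in the JSON. The function names `make_txt_change_batch` and `apply_txt_change` and the specific checks are assumptions of this example.

```shell
#!/bin/sh
# Added example: build a Route 53 change batch for an ACME DNS-01 TXT record.
# Function names and checks are assumptions of this example, not CertMgr code.

# make_txt_change_batch ACTION NAME TOKEN [TTL]
# Prints the change-batch JSON on stdout; returns 1 on rejected input.
make_txt_change_batch() {
    action=$1 name=$2 token=$3 ttl=${4:-30}

    case $action in
        CREATE|UPSERT|DELETE) ;;
        *) echo "invalid action: $action" >&2; return 1 ;;
    esac

    # Only challenge records, and only characters valid in a host name.
    case $name in
        *[!A-Za-z0-9._-]*) echo "invalid record name" >&2; return 1 ;;
        _acme-challenge.?*) ;;
        *) echo "not an _acme-challenge record" >&2; return 1 ;;
    esac

    # DNS-01 value: base64url SHA-256 digest, 43 characters, no padding.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "invalid token" >&2; return 1 ;;
    esac
    [ "${#token}" -eq 43 ] || { echo "invalid token length" >&2; return 1; }

    case $ttl in
        ''|*[!0-9]*) echo "invalid TTL" >&2; return 1 ;;
    esac

    # \\" in the format emits \" in the JSON: the inner quotes Route 53 expects.
    printf '{"Changes":[{"Action":"%s","ResourceRecordSet":{"Name":"%s","Type":"TXT","TTL":%s,"ResourceRecords":[{"Value":"\\"%s\\""}]}}]}\n' \
        "$action" "$name" "$ttl" "$token"
}

# apply_txt_change ZONE_ID ACTION NAME TOKEN: submit the batch with the AWS CLI.
apply_txt_change() {
    batch=$(mktemp) || return 1
    rc=0
    {
        make_txt_change_batch "$2" "$3" "$4" > "$batch" &&
        aws route53 change-resource-record-sets \
            --hosted-zone-id "$1" --change-batch "file://$batch"
    } || rc=$?
    rm -f "$batch"
    return "$rc"
}
```

When removing the record after validation, a DELETE must carry the same value and TTL as the record that was created.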

