Implements validation using CNAMEs and RFC2138, as described in the
Let's Encrypt documentation.
For instance, if requesting the domain "test.net" with a CNAME from
"_acme-challenge.test.net" to "_acme-challenge.ledomain.net". As per the
spec this is fully supported, but using RFC2138 and nsupdate, acme.sh
did not support this properly, instead trying to add the record to the
original fulldomain unconditionally.
To implement this, this commit adds an additional environment variable,
NSUPDATE_CNAME_ZONE, which would contain the target zone, for instance
in the example above, "ledomain.net". If this variable is set, nsupdate
then adds/removes the _acme-validation TXT record to that zone instead
of the requested zone, as well as printing a helpful message mentioning
that the CNAME must exist for this to succeed.
Previously, the else was assumed to be the one where NSUPDATE_ZONE was
set. Flip this in order to facilitate adding additional nsupdate
configurations.
Some DNS servers for which dns_nsupdate.sh is applicable (such
as dyn.com's 'Standard DNS' TSIG update mechanism), require that
the zone be set during the nsupdate transaction. Therefore we
add a new environment variable NSUPDATE_ZONE which is used to
set the zone for the DNS TSIG transaction.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
When debug is enabled, also use nsupdate's debug logging
so that the user can see potential issues with the nsupdate
transaction.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
on Ubuntu 14.04.1 LTS if nsupdate runs without port number given it treated argument following server name as port number.
and throws error:
```
port 'update' is not numeric
syntax error
```
Peter Dave Hello
Joshua Boniface
neilpang
Daniel F. Dickinson
AlexeyStolyarov
klemens
neilpang
Philippe Kueck