
DNS Provider Configuration

Tatsuro Shibamura edited this page Sep 9, 2021 · 28 revisions

Supported DNS Providers

For DNS providers that are not supported, it is possible to implement your own API.

Amazon Route 53

App settings

  • Acmebot:Route53:AccessKey
    • IAM access key
  • Acmebot:Route53:SecretKey
    • IAM secret key
  • Acmebot:Route53:Region
    • Default AWS region

Add permissions to IAM

Acmebot requires the following permissions on Route 53 and the hosted zone.

  • route53:ChangeResourceRecordSets
  • route53:ListResourceRecordSets
  • route53:ListHostedZones

Example IAM Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets",
                "route53:ListResourceRecordSets"
            ],
            "Resource": "arn:aws:route53:::hostedzone/YOUR_ZONE_ID"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": "route53:ListHostedZones",
            "Resource": "*"
        }
    ]
}
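
Added example, not part of Acmebot or this wiki: a small Python check that a policy document grants only the three actions listed above and keeps the two record-level actions pinned to a single hosted zone. The function and variable names are assumptions made for the illustration, and both sample policies are constructed.

```python
# Actions this page lists as required, keyed lowercase (IAM action names are case-insensitive).
REQUIRED = {a.lower(): a for a in (
    "route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets",
    "route53:ListHostedZones")}
# The page's example policy pins these two actions to one hosted zone.
ZONE_SCOPED = {"route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets"}
ZONE_ARN = "arn:aws:route53:::hostedzone/"

def as_list(value):
    """Action and Resource may each be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy):
    """Return findings for an IAM policy dict; an empty list means it matches the page."""
    findings, granted = [], set()
    stmts = policy.get("Statement", [])
    for stmt in ([stmts] if isinstance(stmts, dict) else stmts):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource grants by exclusion")
        for action in as_list(stmt.get("Action", [])):
            name = REQUIRED.get(action.lower())
            if name is None:  # wildcards such as route53:* land here too
                findings.append(f"{sid}: {action} is outside the three actions Acmebot needs")
                continue
            granted.add(name)
            for res in as_list(stmt.get("Resource", [])):
                zone_id = res[len(ZONE_ARN):] if res.startswith(ZONE_ARN) else ""
                if name in ZONE_SCOPED and (not zone_id or "*" in zone_id):
                    findings.append(f"{sid}: {name} on {res} is not limited to one zone")
    findings += [f"missing {a}" for a in sorted(set(REQUIRED.values()) - granted)]
    return findings

# Constructed samples: the page's example statements, and an over-broad variant.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor1", "Effect": "Allow",
     "Action": ["route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets"],
     "Resource": "arn:aws:route53:::hostedzone/YOUR_ZONE_ID"},
    {"Sid": "VisualEditor2", "Effect": "Allow",
     "Action": "route53:ListHostedZones", "Resource": "*"},
]}
BROAD_POLICY = {"Version": "2012-10-17", "Statement": {  # a bare object is also valid
    "Sid": "TooWide", "Effect": "Allow",
    "Action": ["route53:*", "route53:ChangeResourceRecordSets"], "Resource": "*"}}

if __name__ == "__main__":
    print(audit_policy(PAGE_POLICY) or "page policy OK", *audit_policy(BROAD_POLICY), sep="\n")
```
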

Azure DNS

App settings

  • Acmebot:AzureDns:SubscriptionId
    • ID of the subscription that contains the Azure DNS zone

Add access control (IAM) to Azure DNS

Open the Access Control (IAM) of the target DNS zone or resource group containing the DNS zone, and assign the role of DNS Zone Contributor to the deployed application.


Cloudflare

App settings

  • Acmebot:Cloudflare:ApiToken
    • API Token (requires Zone:Read and DNS:Edit permissions)

Example API Token configuration

[Image: example API Token configuration]

DNS Made Easy

  • Acmebot:DnsMadeEasy:ApiKey
  • Acmebot:DnsMadeEasy:SecretKey
    • DNS Made Easy API credentials

GoDaddy

  • Acmebot:GoDaddy:ApiKey
  • Acmebot:GoDaddy:ApiSecret
    • GoDaddy API credentials

Google Cloud DNS

App settings

  • Acmebot:GoogleDns:KeyFile64

Generate key file

  1. Create a service account for your project with DNS read/write access (scope: https://www.googleapis.com/auth/ndev.clouddns.readwrite).
  2. Generate and download a JSON key file.
  3. Base64-encode the contents of the key file.
  4. Create a new application setting named Acmebot:GoogleDns:KeyFile64 and paste the base64-encoded string into it.

GratisDNS

  • Acmebot:GratisDns:Username
  • Acmebot:GratisDns:Password
    • GratisDNS admin credentials

TransIP DNS

  • Acmebot:TransIp:CustomerName
    • The customer name / username of your TransIP account
  • Acmebot:TransIp:PrivateKeyName
    • The name of the private key in the Azure Key Vault

Custom DNS

  • Acmebot:CustomDns:Endpoint
    • Custom DNS API endpoint URI
  • Acmebot:CustomDns:ApiKey
    • Custom DNS API endpoint auth key
  • Acmebot:CustomDns:PropagationSeconds
    • Time to wait for DNS changes to propagate. Default is 180.

Required endpoint spec

  • List Zones
    • GET zones
  • Upsert record
    • PUT zones/{zone.Id}/records/{recordName}
  • Delete record
    • DELETE zones/{zone.Id}/records/{recordName}