[dnsdist] dnscrypt cert roller

powerdns at email.shininet.org
Sun Feb 16 23:18:58 UTC 2020


I've written a Lua script to help roll over dnscrypt certs hourly.
Making it avail to anyone who might find it helpful, no claims about
how many bugs it may have.  Feel free to update and repost.

To use: call `certrot_init(privkeyfile)` on load in config, and call
`certrot_genRotate()` hourly via cron.

Default valid range is from -1h to +2h. genRotate will create a new
cert, apply it to all binds, move all other certs to inactive
status, and remove them if Now is past validUntil.

< file attached and avail: https://pastebin.com/bNdygNxz >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: certrot.lua
Type: text/x-lua
Size: 1669 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20200216/88b51946/attachment.bin>
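
One way to implement the rotation described in the post, as an added example for readers of the archive; it is not the attached certrot.lua and not code from the dnsdist project. The names `rot_init` and `rot_rotate` are hypothetical, the Unix time is used as the certificate serial, and it assumes a dnsdist build whose Lua API provides `getDNSCryptBindCount()` and `generateAndLoadInMemoryCertificate()`.

```lua
-- Added example, not the attached certrot.lua. rot_* names are hypothetical.
local rot_keyfile = nil        -- provider private key path, set once at load
local ROT_BACKDATE = 3600      -- validFrom  = now - 1h (default stated in the post)
local ROT_LIFETIME = 7200      -- validUntil = now + 2h (default stated in the post)

function rot_init(privkeyfile)
  rot_keyfile = privkeyfile
end

function rot_rotate()
  assert(rot_keyfile, "rot_init() has not been called")
  local now = os.time()
  for i = 0, getDNSCryptBindCount() - 1 do
    local ctx = getDNSCryptBind(i)

    -- Snapshot the existing certificates before changing the context,
    -- so the new certificate is never demoted by the loop below.
    local old = {}
    for _, pair in pairs(ctx:getCertificatePairs()) do
      local cert = pair:getCertificate()
      table.insert(old, {
        serial = cert:getSerial(),
        tsEnd  = cert:getTSEnd(),
        active = pair:isActive(),
      })
    end

    -- New resolver key and certificate, signed with the provider key and
    -- loaded as active. Assumption: 'now' is a serial not already in use,
    -- which holds when this runs at most once per second.
    ctx:generateAndLoadInMemoryCertificate(
      rot_keyfile, now, now - ROT_BACKDATE, now + ROT_LIFETIME)

    for _, c in ipairs(old) do
      -- Inactive certificates are no longer advertised but still answer
      -- queries from clients that cached them.
      if c.active then ctx:markInactive(c.serial) end
      -- Only certificates already past validUntil are dropped.
      if now > c.tsEnd then ctx:removeInactiveCertificate(c.serial) end
    end
  end
end
```

With the stated window and an hourly run, each certificate stays loaded as inactive until its validUntil has passed, so clients holding the previous certificate keep working across a rotation.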
