[Pdns-users] Powerdns with letsencrypt challenge

Cheikh Dieng tekdieng at gmail.com
Wed Jun 9 00:06:13 UTC 2021


Hi,

I am trying to generate a certificate via Let's Encrypt. To do that, I need to record
the following entry in my pdns server for the Let's Encrypt challenge:

_acme-challenge.cloud.lfpw.dsna.fr. 300 IN TXT "gfj9Xq...Rg85nM"

I'm using an ldapbackend with pdns in container mode.

How can I make this kind of input in the DNS server?

1- When I try via the pdnsutil tool, I receive this error message:
podman exec pdns pdnsutil add-record cloud.lfpw.dsna.fr _acme-challenge TXT '"gfj9Xq...Rg85nM"'

Jun 08 19:57:56 [LdapBackend] LDAP servers = ldap://200.xx.xx.xx:1389/
Jun 08 19:57:56 [LdapBackend] Ldap connection succeeded
Jun 08 19:57:56 [LdapBackend] LDAP servers = ldap://200.xx.xx.xx:1389/
Jun 08 19:57:56 [LdapBackend] Ldap connection succeeded
Jun 08 19:57:56 [LdapBackend] Search = basedn: dc=cloud,dc=lfpw,dc=dsna,dc=fr, filter: (&(associatedDomain= _acme-challenge.cloud.lfpw.dsna.fr)(TXTRecord=*)), qtype: TXT
Jun 08 19:57:56 [LdapBackend] Search = basedn: dc=cloud,dc=lfpw,dc=dsna,dc=fr, filter: (associatedDomain=_acme-challenge.cloud.lfpw.dsna.fr), qtype: ANY

backend did not accept the new RRset, aborting
Jun 08 19:57:56 [LdapBackend] Ldap connection closed
Jun 08 19:57:56 [LdapBackend] Ldap connection closed

2- I tried to create the record via my LDAP server with an LDIF file

This record is KO:

dn: dc=_acme-challenge,dc=cloud,dc=lfpw,dc=dsna,dc=fr
objectclass: top
objectclass: dnsdomain
objectclass: dNSDomain2
objectclass: domainrelatedobject
dc: _acme-challenge
TXTRecord: "bzEja8EGD3dloAObjOgE2ZCNwPO4SUOrK3kmaVmJdMA"
associateddomain: _acme-challenge.cloud.lfpw.dsna.fr.


This record is OK:

dn: dc=_acme-challenge,dc=cloud,dc=lfpw,dc=dsna,dc=fr
objectclass: top
objectclass: dnsdomain
objectclass: dNSDomain2
objectclass: domainrelatedobject
dc: _acme-challenge
TXTRecord: "bzEja8EGD3dloAObjOgE2ZCNwPO4SUOrK3kmaVmJdMA"
associateddomain: _acme-challenge.cloud.lfpw.dsna.fr

The record for the challenge must be: _acme-challenge.cloud.lfpw.dsna.fr. (with . at the end)

Thanks for your help !
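
Added example, not part of the original post and not PowerDNS code: a trailing dot is zone-file notation for an absolute name, so both spellings encode to the same wire-format name, and the LDAP search filter in the log above carries no trailing dot. The Python sketch below checks that equivalence, validates the TXT value against the RFC 8555 DNS-01 format, and emits the entry in the layout of the post's accepted record. The function names are hypothetical, and the entry is assumed to sit directly under the base DN as in the post.

```python
import string

B64URL = set(string.ascii_letters + string.digits + "-_")

def wire_name(name: str) -> bytes:
    """Canonical RFC 1035 wire form: length-prefixed lowercase labels + root label."""
    if name.endswith("."):
        name = name[:-1]  # the trailing dot only marks the name as absolute
    out = b""
    for label in name.split("."):
        raw = label.lower().encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r} in {name!r}")
        out += bytes([len(raw)]) + raw
    if len(out) + 1 > 255:
        raise ValueError("name longer than 255 octets")
    return out + b"\x00"

def is_dns01_value(value: str) -> bool:
    """RFC 8555 section 8.4: unpadded base64url of a SHA-256 digest is 43 chars."""
    return len(value) == 43 and set(value) <= B64URL

def challenge_ldif(owner: str, value: str, base_dn: str) -> str:
    """Build an LDIF entry shaped like the record the post reports as accepted."""
    value = value.strip().strip('"').strip()
    if not is_dns01_value(value):
        raise ValueError("TXT value is not a DNS-01 digest")
    wire_name(owner)  # rejects empty or oversized labels
    # Stored without the dot, matching the search filter shown in the log.
    fqdn = owner[:-1] if owner.endswith(".") else owner
    first = fqdn.split(".")[0]
    # Assumption: the entry sits directly under base_dn, as in the post.
    return "\n".join([
        f"dn: dc={first},{base_dn}",
        "objectclass: top",
        "objectclass: dnsdomain",
        "objectclass: dNSDomain2",
        "objectclass: domainrelatedobject",
        f"dc: {first}",
        f'TXTRecord: "{value}"',
        f"associateddomain: {fqdn}",
    ]) + "\n"

if __name__ == "__main__":
    # Name, value and base DN are the ones quoted in the post.
    print(challenge_ldif("_acme-challenge.cloud.lfpw.dsna.fr.",
                         "bzEja8EGD3dloAObjOgE2ZCNwPO4SUOrK3kmaVmJdMA",
                         "dc=cloud,dc=lfpw,dc=dsna,dc=fr"))
```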