acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely

  •        89

A simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges. Many DNS servers do not provide an API to enable automation for the ACME DNS challenges. Those which do, give the keys way too much power. Leaving the keys laying around your random boxes is too often a requirement to have a meaningful process automation.

https://github.com/joohoi/acme-dns

Tags
Implementation
License
Platform

   




Related Projects

acme - :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)

  •    Go

acmetool is an easy-to-use command line tool for automatically acquiring certificates from ACME servers (such as Let's Encrypt). Designed to flexibly integrate into your webserver setup to enable automatic verification. Unlike the official Let's Encrypt client, this doesn't modify your web server configuration.You can perform verifications using port 80 or 443 (if you don't yet have a server running on one of them); via webroot; by configuring your webserver to proxy requests for /.well-known/acme-challenge/ to a special port (402) which acmetool can listen on; or by configuring your webserver not to listen on port 80, and instead running acmetool's built in HTTPS redirector (and challenge responder) on port 80. This is useful if all you want to do with port 80 is redirect people to port 443.

rancher-letsencrypt - :cow: Rancher service that obtains and manages free SSL certificates from the Let's Encrypt CA

  •    Go

A Rancher service that obtains free SSL/TLS certificates from the Let's Encrypt CA, adds them to Rancher's certificate store and manages renewal and propagation of updated certificates to load balancers. If using the HTTP challenge, a reverse proxy that routes example.com/.well-known/acme-challenge to rancher-letsencrypt.

acmetool - :lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)

  •    Go

acmetool is an easy-to-use command line tool for automatically acquiring certificates from ACME servers (such as Let's Encrypt). Designed to flexibly integrate into your webserver setup to enable automatic verification. Unlike the official Let's Encrypt client, this doesn't modify your web server configuration. You can perform verifications using port 80 or 443 (if you don't yet have a server running on one of them); via webroot; by configuring your webserver to proxy requests for /.well-known/acme-challenge/ to a special port (402) which acmetool can listen on; or by configuring your webserver not to listen on port 80, and instead running acmetool's built in HTTPS redirector (and challenge responder) on port 80. This is useful if all you want to do with port 80 is redirect people to port 443.

acme-client - Let's Encrypt / ACME client written in PHP for the CLI.

  •    PHP

kelunik/acme-client is an ACME client written in PHP. ACME is the protocol that powers the Let's Encrypt certificate authority.


kube-cert-manager - Manage Lets Encrypt certificates for a Kubernetes cluster.

  •    Go

This project is loosely based on https://github.com/kelseyhightower/kube-cert-manager It took over most of its documentation, license, as well as the general approach to how things work. The code itself however, was entirely reimplemented to use xenolf/lego as the basis, instead of reimplementing an ACME client and DNS plugins.

certmagic - Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal

  •    Go

CertMagic is the most mature, robust, and capable ACME client integration for Go. With CertMagic, you can add one line to your Go application to serve securely over TLS, without ever having to touch certificates.

certmagic - Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal

  •    Go

CertMagic is the most mature, robust, and capable ACME client integration for Go... and perhaps ever. With CertMagic, you can add one line to your Go application to serve securely over TLS, without ever having to touch certificates.

certbot - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server

  •    Python

Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server. Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate is. Certbot and Let’s Encrypt can automate away the pain and let you turn on and manage HTTPS with simple commands. Using Certbot and Let's Encrypt is free, so there’s no need to arrange payment.

dokku-letsencrypt - BETA: Automatic Let's Encrypt TLS Certificate installation for dokku

  •    Shell

dokku-letsencrypt is the official plugin for dokku that gives the ability to automatically retrieve and install TLS certificates from letsencrypt.org. During ACME validation, your app will stay available at any time.Note: Your app must already be deployed and accessible in the browser in order to add letsencrypt to your app. Your app just being created is not enough. If you need to, add a temporary certificate to your app prior to adding letsencrypt by running dokku certs:generate <app> DOMAIN to make your app accessible.

boulder - An ACME-based CA, written in Go.

  •    Go

This is an implementation of an ACME-based CA. The ACME protocol allows the CA to automatically verify that an applicant for a certificate actually controls an identifier, and allows domain holders to issue and revoke certificates for their domains.Boulder has a Dockerfile to make it easy to install and set up all its dependencies. This is how the maintainers work on Boulder, and is our main recommended way to run it.

dehydrated - letsencrypt/acme client implemented as a shell-script – just add water

  •    Shell

It uses the openssl utility for everything related to actually handling keys and certificates, so you need to have that installed. Please keep in mind that this software and even the acme-protocol are relatively young and may still have some unresolved issues. Feel free to report any issues you find with this script or contribute by submitting a pull request.

lexicon - Manipulate DNS records on various DNS providers in a standardized way.

  •    Python

Manipulate DNS records on various DNS providers in a standardized/agnostic way. Lexicon provides a way to manipulate DNS records on multiple DNS providers in a standardized way. Lexicon has a CLI but it can also be used as a python library.

tenta-dns - Recursive and authoritative DNS server in go, including DNSSEC and DNS-over-TLS

  •    Go

Tenta DNS provides a DNS server suite comprising an authoritative DNS server, recursive DNS server, and NSnitch, which provides a DNS server capable of recording the IP address of requests made against it and then makes that IP available via a JSON API. Tenta DNS also provides lookups for Tor Node membership, DNS blacklist status and Geo data. Finally, Tenta DNS includes built-in BGP integration, offering single engine convenience for DNS anycasting. We welcome people to use our hosted versions of recursive resolver and NSnitch. Please see Usage, for details on how to set Tenta DNS as your default DNS resolver, or APIs, for NSnitch REST API information. Just want to use our hosted recursive resolver? We offer two options, using either OpenNIC root servers or the normal ICANN root servers.

your-dns - A docker-compose file to provide a secure adblocking DNS server

  •    

NOTE: if you are interested in a hosted solution, please take a look at nextdns.io. I'm not affiliated with nextdns.io. NEW: Try using your-dns.run as a DNS-over-TLS server. You can use this domain with "Private DNS" feature in > Android 9 (Pie). This server is set up using the your-dns-run branch of this repo.

acme - A simple ACME command line tool without 3rd party deps!

  •    Go

A simple command line tool to manage TLS certificates with ACME-compliant CAs, which has no third party dependencies.If you're looking for a package to import in your program, golang.org/x/crypto/acme or golang.org/x/crypto/acme/autocert is what you'll want instead.

haproxy-acme-validation-plugin - :four_leaf_clover: Zero-downtime ACME / Let's Encrypt certificate issuing for HAProxy

  •    Shell

HAProxy plugin implementing zero-downtime ACME http-01 validation for domains served by HAProxy instances. The plugin leverages HAProxy's Lua API to allow HAProxy to answer validation challenges using token/key-auth files provisioned by an ACME client to a designated directory. The plugin is compatible with ACME clients supporting webroot authentication for http-01 challenges.

sdns - A lightweight fast recursive dns server with dnssec support

  •    Go

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change. Please make sure to update tests as appropriate.

acme.sh - A pure Unix shell script implementing ACME client protocol

  •    Shell

It's probably the easiest & smartest shell script to automatically issue & renew the free certificates from Let's Encrypt.

doggo - Command-line DNS client for human

  •    Go

doggo is a modern command-line DNS client (like dig) written in Golang. It outputs information in a neat concise manner and supports protocols like DoH (DNS over HTTPS), DoT (DNS over TLS) and DNSCrypt as well. It supports multiple resolvers at once, Reverse DNS Lookups, Shell completions for zsh and fish.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.