LFACME-DNS(7)		Miscellaneous Information Manual	 LFACME-DNS(7)

NAME
       lfacme-dns -- validate an ACME challenge via TSIG DNS updates

SYNOPSIS
       In domains.conf(5):

             domain challenge=dns

DESCRIPTION
       The lfacme-dns challenge hook will respond to an ACME domain validation
       using a DNS-based "dns-01" authorization with TSIG-authenticated
       Dynamic DNS updates.  To use this challenge hook, configure one or more
       domains with "challenge=dns" in domains.conf(5).

       The "dns-01" challenge expects the authorization token to be created as
       a TXT record at the DNS name "_acme-challenge.domain".  When lfacme-dns
       responds to the challenge, it will use nsupdate(1) to create this
       record.  The DNS update will be sent to the zone's master server
       (determined by the MNAME field in the SOA record), and will be
       authenticated using the TSIG key file configured by LFACME_DNS_KEYFILE
       in acme.conf(5).

       Once validation is complete, the previously created DNS record will be
       removed.
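
       The create and remove updates described above, as an added example
       that is not lfacme's own code.  The function names, the 60-second
       TTL, the sample SOA line and the sample token are assumptions; names
       and token are validated before being placed in the nsupdate(1) input.

```shell
#!/bin/sh
# Added example: build nsupdate(1) input for a dns-01 TXT record.
# Hypothetical helper names; not taken from the lfacme source.

# Constructed sample of `dig +short SOA example.org` output.
SAMPLE_SOA='ns1.example.org. hostmaster.example.org. 2025060401 3600 900 604800 300'

# MNAME is the first field of the SOA RDATA; drop the trailing dot.
soa_mname() {
    mname=${1%% *}
    printf '%s\n' "${mname%.}"
}

# Accept hostname characters only, so a name containing spaces or
# newlines cannot add extra commands to the generated nsupdate input.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*..*) return 1 ;;
    esac
}

# The TXT value is treated as opaque base64url text.
valid_token() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# usage: challenge_update add|delete <domain> <master> <token>
# Prints the nsupdate commands; returns 1 on any invalid argument.
challenge_update() {
    op=$1 domain=$2 master=$3 token=$4
    valid_name "$domain" && valid_name "$master" &&
        valid_token "$token" || return 1
    case $op in
        add)    rr="update add _acme-challenge.$domain. 60 TXT \"$token\"" ;;
        delete) rr="update delete _acme-challenge.$domain. TXT \"$token\"" ;;
        *)      return 1 ;;
    esac
    printf 'server %s\n%s\nsend\n' "$master" "$rr"
}

# Typical use (needs network access and a TSIG key, so not run here):
#   master=$(soa_mname "$(dig +short SOA example.org)")
#   challenge_update add www.example.org "$master" "$token" |
#       nsupdate -k "$LFACME_DNS_KEYFILE"
```

       The TSIG key is a shared secret, so the key file should be readable
       only by the account that runs the hook.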

CONFIGURATION
       The lfacme-dns challenge hook supports the following configuration
       options in acme.conf(5):

       LFACME_DNS_KEYFILE
               (Required.)  The key file that will be passed to nsupdate(1) to
               authenticate the DNS update.

       LFACME_DNS_DIG
               Path to the dig(1) program.  If not specified, $PATH will be
               searched.

       LFACME_DNS_NSUPDATE
               Path to the nsupdate(1) program.  If not specified, $PATH will
               be searched.

SEE ALSO
       acme.conf(5), domains.conf(5), lfacme-renew(8), nsupdate(1)

FreeBSD	ports 15.0		 June 4, 2025			 LFACME-DNS(7)
