LFACME-DNS(7) FreeBSD Miscellaneous Information Manual LFACME-DNS(7)

lfacme-dns - validate an ACME challenge via TSIG DNS updates

In domains.conf(5):

domain challenge=dns

The lfacme-dns challenge hook will respond to an ACME domain validation using a DNS-based “dns-01” authorization with TSIG-authenticated Dynamic DNS updates. To use this challenge hook, configure one or more domains with “challenge=dns” in domains.conf(5).

The “dns-01” challenge expects the authorization token to be created as a TXT record at the DNS name “_acme-challenge.domain”. When lfacme-dns responds to the challenge, it will use nsupdate(1) to create this record. The DNS update will be sent to the zone's master server (determined by the MNAME field in the SOA record), and will be authenticated using the TSIG key file configured by LFACME_DNS_KEYFILE in acme.conf(5).

Once validation is complete, the previously created DNS record will be removed.
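The update sequence described above can be sketched as the nsupdate(1) input for creating and later removing the challenge record. This is an added example, not lfacme's own code: the function names, the 60-second TTL and the sample SOA line are assumptions, and the TXT value is taken as supplied by the ACME client.

```sh
#!/bin/sh
# Added sketch, not the lfacme-dns hook itself. Function names, the TTL and
# the sample data are assumptions made for illustration.

# Extract MNAME (first field) from one line of `dig +short SOA <zone>` output.
# Fields: MNAME RNAME serial refresh retry expire minimum
soa_mname() {
    printf '%s\n' "$1" | awk 'NF >= 7 { sub(/\.$/, "", $1); print $1; exit }'
}

# dns-01 TXT values are base64url, so accept only that alphabet. This keeps a
# malformed value from breaking the quoting or adding extra nsupdate commands.
valid_txt_value() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# nsupdate input that creates the record. Args: mname domain value
# (domain is given without a trailing dot).
challenge_add() {
    valid_txt_value "$3" || return 1
    printf 'server %s\nupdate add _acme-challenge.%s. 60 IN TXT "%s"\nsend\n' \
        "$1" "$2" "$3"
}

# nsupdate input that removes the record once validation is complete.
# Args: mname domain
challenge_delete() {
    printf 'server %s\nupdate delete _acme-challenge.%s. TXT\nsend\n' "$1" "$2"
}

# Constructed sample input (not from a real zone or a real ACME order).
SAMPLE_SOA='ns1.example.org. hostmaster.example.org. 2025060401 3600 900 1209600 300'
SAMPLE_VALUE='Zm9vYmFyLXRva2VuX3ZhbHVl'

mname=$(soa_mname "$SAMPLE_SOA")
challenge_add "$mname" www.example.org "$SAMPLE_VALUE"
challenge_delete "$mname" www.example.org

# To send an update, pipe either output to nsupdate with the TSIG key file:
#   challenge_add ... | nsupdate -k "$LFACME_DNS_KEYFILE"
```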

The lfacme-dns challenge hook supports the following configuration options in acme.conf(5):

LFACME_DNS_KEYFILE
(Required.) The key file that will be passed to nsupdate(1) to authenticate the DNS update.
LFACME_DNS_DIG
Path to the dig(1) program. If not specified, $PATH will be searched.
LFACME_DNS_NSUPDATE
Path to the nsupdate(1) program. If not specified, $PATH will be searched.

acme.conf(5), domains.conf(5), lfacme-renew(8), nsupdate(1)

June 4, 2025 FreeBSD 14.3-RELEASE
