1 files changed, 29 insertions, 0 deletions

diff --git a/_posts/rfc2136.md b/_posts/rfc2136.md
new file mode 100644
index 0000000..d8d5190
--- /dev/null
+++ b/_posts/rfc2136.md
@@ -0,0 +1,29 @@
+# dyndns setup	http://www.btteknik.net/?p=143
+ddns-confgen -s rfc2136.sijanec.eu.
+# http://www.ipamworldwide.com/ipam/update-policy.html
+vim /etc/bind/named.conf.local	# here goes the update policy, change name to subdomain
+touch /etc/bind/keyfile.conf
+chmod 0660 /etc/bind/keyfile.conf
+vim /etc/bind/keyfile.conf	# here goes the key
+# hook script	https://blog.danman.eu/automatic-letsencrypt-wildcard-cert-renewal-with-nsupdate/
+vim /etc/letsencrypt/hook.sh
+	#!/bin/bash
+	CREATE_DOMAIN="certbot.rfc2136.sijanec.eu."
+	echo "
+	server 127.0.0.1
+	update delete $CREATE_DOMAIN TXT
+	update add $CREATE_DOMAIN 1 TXT $CERTBOT_VALIDATION
+	send
+	" | nsupdate -k /etc/bind/keyfile.conf
+	if [ $CERTBOT_REMAINING_CHALLENGES -eq 0 ]
+	then
+		echo done, reloading server and waiting 30 seconds
+		rndc reload
+		sleep 30
+	fi
+chmod +x /etc/letsencrypt/hook.sh
+# v domenske zapise vseh domen je treba dodati:
+#	_acme-challenge	IN	CNAME	certbot.rfc2136.sijanec.eu.
+certbot certonly --reuse-key --manual --register-unsafely-without-email --preferred-challenges dns --manual-auth-hook /etc/letsencrypt/hook.sh -d sijanec.eu -d sijanec.org -d sijanec.net -d xn--ijanec-9jb.eu -d xn--ijanec-9jb.org -d xn--ijanec-9jb.net -d xn--ijanec-9jb.si -d xn--ijanec-9jb.com -d *.sijanec.eu -d *.sijanec.org -d *.sijanec.net -d *.xn--ijanec-9jb.eu -d *.xn--ijanec-9jb.org -d *.xn--ijanec-9jb.net -d *.xn--ijanec-9jb.si -d *.xn--ijanec-9jb.com -d gimb.tk -d *.gimb.tk -d xn--jha.ga -d *.xn--jha.ga
+# more interesting info:
+# https://certbot-dns-rfc2136.readthedocs.io/en/stable/ (per-domain setup required, no CNAMEs)