Module Letsencrypt_dns.Make

Parameters

Signature

include sig ... end
type solver = Letsencrypt.Client.Solver(S).solver = {
  challenge : Letsencrypt.Client.challenge;
  solve_challenge : token:string -> key_authorization:string -> [ `host ] Domain_name.t -> (unit, [ `Msg of string ]) Stdlib.result S.t;
}
val http_solver : ([ `host ] Domain_name.t -> prefix:string -> token:string -> content:string -> (unit, [ `Msg of string ]) Stdlib.result S.t) -> solver
val print_http : solver
val alpn_solver : ?key_type:X509.Key_type.t -> ?bits:int -> ([ `host ] Domain_name.t -> alpn:string -> X509.Private_key.t -> X509.Certificate.t -> (unit, [ `Msg of string ]) Stdlib.result S.t) -> solver
val print_alpn : solver
val dns_solver : ([ `raw ] Domain_name.t -> string -> (unit, [ `Msg of string ]) Stdlib.result S.t) -> solver

dns_solver (fun domain content) is a solver for dns-01 challenges. The provided function should return Ok () once the authoritative name servers serve a TXT record at domain with the given content. The domain passed to the function already has the _acme-challenge. label prepended.
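The readiness condition described above, as an added Python example that is not part of this library: it assumes content is the dns-01 value defined in RFC 8555 section 8.4 (base64url of the SHA-256 digest of the key authorization) and checks that every authoritative server already returns it. The function names, token, thumbprint and server names are constructed for illustration.

```python
import base64
import hashlib


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME (RFC 8555) uses for binary values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def dns01_record(host: str, token: str, thumbprint: str) -> tuple[str, str]:
    """Owner name and TXT content for a dns-01 challenge (RFC 8555, section 8.4)."""
    key_authorization = f"{token}.{thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return "_acme-challenge." + host.rstrip(".").lower(), b64url(digest)


def lagging_servers(expected: str, answers: dict[str, list[str]]) -> list[str]:
    """Authoritative servers whose TXT answer does not yet contain `expected`."""
    return sorted(ns for ns, txts in answers.items() if expected not in txts)


def ready(expected: str, answers: dict[str, list[str]]) -> bool:
    """Condition under which a dns_solver callback would return Ok ()."""
    # An empty answer set means nothing was checked, so it is never "ready".
    return bool(answers) and not lagging_servers(expected, answers)


# Constructed sample input: token, account-key thumbprint and names are made up.
TOKEN = "constructed-token-0123456789"
THUMBPRINT = "constructed-thumbprint-abcdef"
NAME, CONTENT = dns01_record("www.example.org", TOKEN, THUMBPRINT)

# Constructed TXT answers per authoritative server, mid-propagation and after it.
PARTIAL = {"ns1.example.org": [CONTENT], "ns2.example.org": ["stale-value"]}
DONE = {"ns1.example.org": [CONTENT, "stale-value"], "ns2.example.org": [CONTENT]}

if __name__ == "__main__":
    print(NAME, "TXT", CONTENT)
    print("partial:", ready(CONTENT, PARTIAL), lagging_servers(CONTENT, PARTIAL))
    print("done:   ", ready(CONTENT, DONE))
```

Reporting success while one authoritative server still serves a stale value lets the CA query that server and fail the validation, which is why the check requires all of them.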

val print_dns : solver

print_dns outputs the DNS challenge solution, and waits for user input before continuing with ACME.

val nsupdate : ?proto:Dns.proto -> int -> (unit -> Ptime.t) -> (string -> (unit, [ `Msg of string ]) Stdlib.result S.t) -> ?recv:(unit -> (string, [ `Msg of string ]) Stdlib.result S.t) -> zone:[ `host ] Domain_name.t -> keyname:'a Domain_name.t -> Dns.Dnskey.t -> solver

nsupdate ~proto id now send ~recv ~keyname key ~zone constructs a DNS solver that sends a DNS update packet (using send) and optionally waits for a signed reply (using recv if present) to solve challenges. The update is signed with an HMAC transaction signature (DNS TSIG) using now () as the timestamp, and the keyname and key as the cryptographic material. The zone is the one to be used in the query section of the update packet. If signing, sending, or receiving fails, the error is reported.