acme-dns
Question: acme-dns not listening for API
[if this is not the right forum to ask, kindly redirect me]
After starting acme-dns (version pulled from the GitHub release, untarred), it only listens on port 53. I am therefore unable to call the API with /register to complete the creation of the CNAME records.
# sudo lsof -i -P -n | grep LISTEN | grep IPv4
systemd-r 563 systemd-resolve 13u IPv4 18341 0t0 TCP 127.0.0.53:53 (LISTEN)
sshd 822 root 3u IPv4 23030 0t0 TCP *:22 (LISTEN)
sshd 5721 root 10u IPv4 54066 0t0 TCP 127.0.0.1:6010 (LISTEN)
sshd 7214 root 10u IPv4 64930 0t0 TCP 127.0.0.1:6011 (LISTEN)
acme-dns 18125 root 5u IPv4 143772 0t0 TCP 127.0.0.1:53 (LISTEN)
The API section is standard; I just changed the port to 8443.
[api]
# listen ip eg. 127.0.0.1
ip = "0.0.0.0"
# disable registration endpoint
disable_registration = false
# listen port, eg. 443 for default HTTPS
port = "8443"
# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
tls = "letsencryptstaging"
# only used if tls = "cert"
tls_cert_privkey = "/etc/tls/jflamy.dev/privkey.pem"
tls_cert_fullchain = "/etc/tls/jflamy.dev/fullchain.pem"
# only used if tls = "letsencrypt"
acme_cache_dir = "api-certs"
# CORS AllowOrigins, wildcards can be used
corsorigins = [
"*"
]
# use HTTP header to get the client ip
use_header = false
# header name to pull the ip address / list of ip addresses from
header_name = "X-Forwarded-For"
There are no messages in the startup output pertaining to the API or to a misconfiguration. There seems to be a catch-22 if acme-dns is looking for a certificate for itself as indicated on the last line.
# INFO[0000] Using config file file=./config.cfg
INFO[0000] Connected to database
DEBU[0000] Adding new record to domain domain=ns.auth.jflamy.dev. recordtype=A
DEBU[0000] Adding new record to domain domain=auth.jflamy.dev. recordtype=NS
DEBU[0000] Adding new record to domain domain=auth.jflamy.dev. recordtype=SOA
INFO[0000] Listening DNS addr="127.0.0.1:53" proto=udp
INFO[0000] Listening DNS addr="127.0.0.1:53" proto=tcp
INFO[0000] 2022/01/25 14:15:04 [INFO][cache:0xc0000ae5f0] Started certificate maintenance routine
INFO[0000] 2022/01/25 14:15:04 [INFO][auth.jflamy.dev] Obtain certificate
The public IP address for ns.auth.jflamy.dev is correct, and port 53 is open, but I just want to register at this point...
Changing tls to "none" and using an HTTP port does not help either.
INFO[0000] Listening HTTP host="0.0.0.0:8080"
INFO[0000] Listening DNS addr="127.0.0.1:53" proto=udp
INFO[0000] Listening DNS addr="127.0.0.1:53" proto=tcp
INFO[0000] 2022/01/25 16:34:46 [INFO][cache:0xc0000ae5f0] Started certificate maintenance routine
curl -L http://localhost:8080/register
reports "method not allowed"
The latter actually seems to indicate that the listener is up. "method not allowed" is because acme-dns only does POST requests and the default for curl is GET. "method not allowed" is an actual response from the acme-dns HTTP listener.
I don't know why the listener failed to start in the original post though...
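As an added illustration of the GET-versus-POST point above (this is example code, not part of the original post and not acme-dns project code): a small Python script that reproduces the exchange offline. It embeds a constructed stand-in for the acme-dns HTTP listener that answers GET /register with 405 and POST /register with a JSON credential document; the real server is assumed to behave the same way for these two cases, and the field names (username, password, fulldomain, subdomain, allowfrom), the 201 status and the hostnames used are assumptions of this example. The probe_register and register functions are the part you would point at a real listener, for example http://localhost:8080 from the post.

```python
"""Probe an acme-dns style /register endpoint the way acme-dns expects.

Added example, not from the original post or the acme-dns project. A
constructed stand-in server is embedded so the exchange runs offline.
"""
import json
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class MockAcmeDnsHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the acme-dns API: /register only accepts POST."""

    def log_message(self, *args):  # keep the server quiet
        pass

    def do_GET(self):
        # Same outcome as `curl http://localhost:8080/register` in the post.
        self.send_response(405, "Method Not Allowed")
        self.end_headers()
        self.wfile.write(b"method not allowed")

    def do_POST(self):
        if self.path != "/register":
            self.send_response(404)
            self.end_headers()
            return
        # Field names follow acme-dns registration responses (assumed); values are constructed.
        body = json.dumps({
            "username": "11111111-2222-3333-4444-555555555555",  # constructed UUID
            "password": secrets.token_urlsafe(30),
            "fulldomain": "constructed-subdomain.auth.example.test",
            "subdomain": "constructed-subdomain",
            "allowfrom": [],
        }).encode()
        self.send_response(201)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(body)


def start_mock_server():
    """Start the stand-in listener on a free loopback port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), MockAcmeDnsHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def probe_register(base_url, method):
    """Send one request to /register with the given method; return (status, body_text)."""
    req = urllib.request.Request(f"{base_url}/register", method=method,
                                 data=b"" if method == "POST" else None)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:
        # 4xx/5xx arrive as exceptions; the body still tells us the listener is up.
        return e.code, e.read().decode()


def register(base_url):
    """Register with POST (what acme-dns requires) and return the parsed credentials."""
    status, body = probe_register(base_url, "POST")
    if status != 201:
        raise RuntimeError(f"registration failed: HTTP {status}: {body}")
    creds = json.loads(body)
    missing = {"username", "password", "fulldomain", "subdomain"} - creds.keys()
    if missing:
        raise RuntimeError(f"response lacks fields: {sorted(missing)}")
    return creds


if __name__ == "__main__":
    srv, url = start_mock_server()
    print("GET  ->", probe_register(url, "GET"))      # 405: listener is up, wrong method
    print("POST ->", register(url)["fulldomain"])     # the CNAME target you would point at
    srv.shutdown()
```

Against a real acme-dns instance, a 405 on GET is the same "listener is up" signal the post describes; a connection refused on either method is what a listener that never started looks like.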