[Samba] dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)

Jakob Lenfers lenfers at bigsss-bremen.de
Wed Jan 16 10:30:33 UTC 2019

Am 15.01.19 um 19:47 schrieb Kris Lou via samba:
> Just to clarify, your hook allows dehydrated to lookup DNS to an internal
> Samba (or Bind_DLZ) server for DNS-01 verification in certificate
> generation?

It allows dehydrated to *add* DNS entries to authenticate domain
ownership to LetsEncrypt. And then to generate certs for this domain,
yeah. Obviously this only works if your domain is externally
connectable, DOMAIN.LOCAL won't do. But IIRC the documentation, it's not
a good solution anyways.

We actually use dnsdist and powerdns for our DNS-Domains. Our AD-Domain
is a subdomain of one and gets requests for that subdomain via dnsdist


More information about the samba mailing list