NethServer Version: 7.4
A few weeks ago, there was a feature request for wildcard certs from Let’s Encrypt. LE requires DNS validation in order to issue a wildcard cert, and with many DNS hosts not having an API (and of those who do, they’re all different), it seems like it’d be practically impossible to build this into Neth in a way that would work for any significant number of users. Unless…
acme-dns is a project that implements a simple DNS server, whose only purpose is to serve the TXT records that Let’s Encrypt uses for validation. It implements an API that’s supported by Certbot and other clients, and is intended to run on a server under your control. You’d set some static (i.e., they don’t need to be changed at any interval) DNS records at your DNS host, which would have the effect of pointing Let’s Encrypt to your own server. acme-dns will then serve the desired TXT records, validating domain control, so LE will issue you the cert.
So, if we can get acme-dns up and running on Neth, we could package a way to issue wildcard certs for the Neth server, no matter which DNS host is being used. So I’m trying to get it running on Neth, but I’m running into a problem, probably because dnsmasq is already running and listening on port 53.
The software installs without issue, and appears to start without error.
netstat -an says there’s something listening on 0.0.0.0:53 (both TCP and UDP). I’ve done config set fw_acme-dns service status enabled UDPPort 53 TCPPort 53 access red followed by a firewall-adjust. But when I check open ports from the outside, port 53 isn’t open. I’m guessing this is because dnsmasq is already listening on port 53. How can I work around this? A port forward?
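To make the delegation model in the post concrete, here is an added example (not code from the post, from NethServer or from the acme-dns project) that models the three parties in a DNS-01 validation: the regular DNS host with its static CNAME and NS records, an acme-dns zone whose TXT record is rewritten on every issuance, and the CA-side check that computes the expected TXT value (base64url of SHA-256 over `token.thumbprint`, as specified for the DNS-01 challenge in RFC 8555) and compares it with what resolves. All names, the token, the thumbprint and the acme-dns subdomain are constructed; `acme_dns_update` is a stand-in for a call to the acme-dns update API, not its real client.

```python
"""Model of acme-dns delegation for Let's Encrypt DNS-01 validation (added example)."""
import base64
import hashlib
from typing import Dict, List, Tuple

Zone = Dict[Tuple[str, str], List[str]]


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """TXT value the CA expects at _acme-challenge.<domain>:
    base64url(SHA-256(token "." account-key-thumbprint))."""
    key_authorization = f"{token}.{account_thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


# --- Constructed sample data (shapes only; not real tokens or keys) ---
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
SAMPLE_THUMBPRINT = "9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI"
ACME_DNS_NAME = "8e5700ea-a4bf-41c7-8a77-e990661030cd.auth.example.com"

# Static records at the regular DNS host: set once, never changed afterwards.
DNS_HOST_ZONE: Zone = {
    ("_acme-challenge.example.com", "CNAME"): [ACME_DNS_NAME],
    ("auth.example.com", "NS"): ["ns.auth.example.com"],
}

# Records served by acme-dns; the TXT value changes on every issuance.
ACME_DNS_ZONE: Zone = {}


def acme_dns_update(subdomain: str, txt: str) -> None:
    """Stand-in for the acme-dns update API: (re)publish the TXT record."""
    ACME_DNS_ZONE[(subdomain, "TXT")] = [txt]


def authoritative_zone(name: str) -> Zone:
    """Walk up the labels; if the DNS host delegates a parent via NS, acme-dns answers."""
    labels = name.split(".")
    for i in range(len(labels)):
        if DNS_HOST_ZONE.get((".".join(labels[i:]), "NS")):
            return ACME_DNS_ZONE
    return DNS_HOST_ZONE


def resolve_txt(name: str, max_hops: int = 8) -> List[str]:
    """Follow CNAMEs at the DNS host, then answer TXT from the authoritative zone."""
    for _ in range(max_hops):
        cname = DNS_HOST_ZONE.get((name, "CNAME"))
        if cname:
            name = cname[0]
            continue
        return authoritative_zone(name).get((name, "TXT"), [])
    raise RuntimeError("CNAME chain too long")


def validate_dns01(domain: str, token: str, thumbprint: str) -> bool:
    """What the CA does: resolve the TXT record and compare with the expected value."""
    expected = dns01_txt_value(token, thumbprint)
    return expected in resolve_txt(f"_acme-challenge.{domain}")


if __name__ == "__main__":
    # Before the client publishes anything, validation fails.
    print("before update:", validate_dns01("example.com", SAMPLE_TOKEN, SAMPLE_THUMBPRINT))
    # The ACME client pushes the new value to acme-dns; the DNS host is untouched.
    acme_dns_update(ACME_DNS_NAME, dns01_txt_value(SAMPLE_TOKEN, SAMPLE_THUMBPRINT))
    print("after update: ", validate_dns01("example.com", SAMPLE_TOKEN, SAMPLE_THUMBPRINT))
```

The point the model makes is the one the post relies on: once the CNAME and NS records exist at the DNS host, every later issuance only touches the acme-dns zone, so the DNS host never needs an API. It also shows why the acme-dns service must actually be reachable on port 53 from the outside: the CA follows the NS delegation to it for the TXT answer.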