v2: acme-dns-tiny: if a CNAME is defined on _acme-challenge.example.org…

v2: acme-dns-tiny: if a CNAME is defined on _acme-challenge.example.org following it to decide where to install the TXT records Limitation: it only follows one CNAME for the moment, maybe we should go through CNAME chain, but it will requires to detect CNAME loop too.

v2: acme-dns-tiny: if a CNAME is defined on _acme-challenge.example.org…
v2: acme-dns-tiny: if a CNAME is defined on _acme-challenge.example.org following it to decide where to install the TXT records Limitation: it only follows one CNAME for the moment, maybe we should go through CNAME chain, but it will requires to detect CNAME loop too.
6d968395 · Adrien Dorsaz · c664b31e · 6d968395
Commit 6d968395 authored Mar 20, 2018 by Adrien Dorsaz
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

acme_dns_tiny.py acme_dns_tiny.py +5 -0

No files found.
--- a/acme_dns_tiny.py
+++ b/acme_dns_tiny.py
@@ -181,6 +181,11 @@ def get_crt(config, log=LOGGER):
        keyauthorization = "{0}.{1}".format(token, thumbprint)
        keydigest64 = _b64(hashlib.sha256(keyauthorization.encode("utf8")).digest())
        dnsrr_domain = "_acme-challenge.{0}.".format(domain)
+        try: # a CNAME resource can be used for advanced TSIG configuration, trying to follow it
+            dnsrr_domain = (response.to_text() for response in resolver.query(dnsrr_domain, rdtype="CNAME"))
+            log.info("  - A CNAME resource has been found for this domain, will install TXT on {0}".format(dnsrr_domain))
+        except dns.resolver.NoAnswer as noAnswer:
+            log.debug("  - Not any CNAME resource has been found for this domain, will install TXT directly on {0}".format(dnsrr_domain))
        dnsrr_set = dns.rrset.from_text(dnsrr_domain, config["DNS"].getint("TTL"), "IN", "TXT",  '"{0}"'.format(keydigest64))
        try:
            _update_dns(dnsrr_set, "add")