Acme-dns - how to

I tried to follow the guide but it just doesn't work....


# DNS interface. Note that systemd-resolved may reserve port 53 on
# In this case acme-dns will error out and you will need to define the listening interface
# for example: listen = ""
listen = ""
# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
protocol = "both"
# domain name to serve the requests off of
domain = ""
# zone name server
nsname = ""
# admin email address, where @ is substituted with .
nsadmin = ""
# predefined records served in addition to the TXT
records = [
    # domain pointing to the public IP of your acme-dns server 
    " A",
    # specify that will resolve any * records
    " NS",
# debug messages from CORS etc
debug = false

# Database engine to use, sqlite3 or postgres
engine = "sqlite3"
# Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
# Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
connection = "/var/lib/acme-dns/acme-dns.db"
# connection = "postgres://user:password@localhost/acmedns_db"

# listen ip eg.
ip = ""
# disable registration endpoint
disable_registration = false
# listen port, eg. 443 for default HTTPS
port = "443"
# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
tls = "letsencryptstaging"
# only used if tls = "letsencrypt"
tls_cert_privkey = "/etc/tls/"
tls_cert_fullchain = "/etc/tls/"
# only used if tls = "letsencrypt"
acme_cache_dir = "api-certs"
# optional e-mail address to which Let's Encrypt will send expiration notices for the API's cert
notification_email = ""
# CORS AllowOrigins, wildcards can be used
corsorigins = [
# use HTTP header to get the client ip
use_header = false
# header name to pull the ip address / list of ip addresses from
header_name = "X-Forwarded-For"

# logging level: "error", "warning", "info" or "debug"
loglevel = "debug"
# possible values: stdout, TODO file & integrations
logtype = "stdout"
# file path for logfile TODO
# logfile = "./acme-dns.log"
# format, either "json" or "text"
logformat = "text" has access to every port on firewall

What is weird is this:

acme systemd[1]: Started Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
acme acme-dns[24841]: time="2021-08-01T20:28:35+02:00" level=error msg="Configuration file not found."
acme systemd[1]: acme-dns.service: Main process exited, code=exited, status=1/FAILURE
acme systemd[1]: acme-dns.service: Failed with result 'exit-code'.
acme systemd[1]: acme-dns.service: Service RestartSec=100ms expired, scheduling restart.
acme systemd[1]: acme-dns.service: Scheduled restart job, restart counter is at 5.
acme systemd[1]: Stopped Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
acme systemd[1]: acme-dns.service: Start request repeated too quickly.
acme systemd[1]: acme-dns.service: Failed with result 'exit-code'.

My guess is I'm doing /register too frequently but even on staging I don't now the cooldown timer.

Isn't that the issue at the moment? Note that don't know where acme-dns searches for the configuration file, but apparently it's currently not in the correct location.


That's what boggles me. It is in acme-dns and it reads:

INFO[0000] Using config file                             file=./config.cfg
INFO[0000] Connected to database
DEBU[0000] Adding new record to domain          recordtype=A
DEBU[0000] Adding new record to domain          recordtype=NS
DEBU[0000] Adding new record to domain          recordtype=SOA
INFO[0000] Listening DNS                                 addr="" proto=udp
INFO[0000] Listening DNS                                 addr="" proto=tcp
INFO[0000] 2021/08/01 20:59:59 [INFO][cache:0xc00006c5f0] Started certificate maintenance routine

it is stuck like this

Seems to me it's waiting for a request? Not sure how that computes with the "configuration file not found" error earlier tho..

1 Like

Can you show how you call this program to start and where from?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.