ACME-DNS Server on Windows IIS ARR Proxy


I have a Windows IIS ARR Proxy server installed. Windows IIS ARR Proxy server will handle all port 80 and port 443 requests to different servers inside the network. I want to use Certify on the Proxy Server and I want to install an ACME-DNS for DNS-01 challenge.

Firewall forwarded port 80 and 443 to and port 53 to
Windows IIS ARR Proxy server - (All SSL Certs on this server)
Windows IIS Server(Port 80) - and
Windows IIS Server(Port 443) - and
acme-dns server(Port53) -

I followed this guide: to set up the Linux server and I am very confused with this website.

On the public DNS. I created two entries as below. A (My acme-dns server public IP) NS

When I tried to edit the config file

--------------Start Config.cfg ----------------------

[general]
listen = ":53"
# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
protocol = "both"
# domain name to serve the requests off of
domain = ""
# zone name server
nsname = ""
# admin email address, where @ is substituted with .
nsadmin = ""
# predefined records served in addition to the TXT
records = [
    # domain pointing to the public IP of your acme-dns server
    " A",
    # specify that will resolve any * records
    " NS",
]
# debug messages from CORS etc
debug = false

[database]
# Database engine to use, sqlite3 or postgres
engine = "sqlite3"
# Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
# Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
connection = "/var/lib/acme-dns/acme-dns.db"
# connection = "postgres://user:password@localhost/acmedns_db"

[api]
# domain name to listen requests for, mandatory if using tls = "letsencrypt"
api_domain = ""
# listen ip eg.
ip = ""
# disable registration endpoint
disable_registration = false
# autocert HTTP port, eg. 80 for answering Let's Encrypt HTTP-01 challenges. Mandatory if using tls = "letsencrypt".
autocert_port = "80"
# listen port, eg. 443 for default HTTPS
port = "443"
# possible values: "letsencrypt", "cert", "none"
tls = "letsencrypt"
# only used if tls = "cert"
tls_cert_privkey = "/etc/tls/"
tls_cert_fullchain = "/etc/tls/"
# only used if tls = "letsencrypt"
acme_cache_dir = "api-certs"
# CORS AllowOrigins, wildcards can be used
corsorigins = [
]
# use HTTP header to get the client ip
use_header = false
# header name to pull the ip address / list of ip addresses from
header_name = "X-Forwarded-For"

[logconfig]
# logging level: "error", "warning", "info" or "debug"
loglevel = "debug"
# possible values: stdout, TODO file & integrations
logtype = "stdout"
# file path for logfile TODO
logfile = "./acme-dns.log"
# format, either "json" or "text"
logformat = "text"

-------------end config.cfg ------------------------------

Now, my questions are:
(1) Inside the config.cfg, there are ports 80 and 443. Can I modify it to use different ports? What is the purpose of those settings?

(2) How can I set up the Certify on the Proxy Server?
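
The rules stated in the comments of the posted config (the listed protocol, tls and loglevel values, api_domain and autocert_port being mandatory with tls = "letsencrypt", the A and NS entries under records) can be checked mechanically. This is an added example, not part of the original posts or of acme-dns itself; it assumes the file has already been parsed into a dict keyed by the section names of the stock acme-dns config (general, database, api, logconfig), and the name check_config is hypothetical.

```python
PROTOCOLS = {"both", "both4", "both6", "udp", "udp4", "udp6", "tcp", "tcp4", "tcp6"}
TLS_MODES = {"letsencrypt", "cert", "none"}
LOG_LEVELS = {"error", "warning", "info", "debug"}

def check_config(cfg):
    """Return a list of problems found in a parsed acme-dns config (dict of sections)."""
    problems = []
    general, api = cfg.get("general", {}), cfg.get("api", {})
    domain = general.get("domain", "").rstrip(".")
    if not domain:
        problems.append("general.domain is empty")
    if general.get("protocol") not in PROTOCOLS:
        problems.append("general.protocol is not a listed value")
    # The predefined records must carry an A and an NS record for the served zone.
    rtypes = set()
    for rec in general.get("records", []):
        parts = rec.split()
        if len(parts) >= 3 and parts[0].rstrip(".") == domain:
            rtypes.add(parts[1].upper())
    for needed in ("A", "NS"):
        if domain and needed not in rtypes:
            problems.append(f"general.records has no {needed} record for {domain}")
    if cfg.get("database", {}).get("engine") not in {"sqlite3", "postgres"}:
        problems.append("database.engine must be sqlite3 or postgres")
    tls = api.get("tls")
    if tls not in TLS_MODES:
        problems.append("api.tls is not a listed value")
    elif tls == "letsencrypt":
        for key in ("api_domain", "autocert_port"):
            if not api.get(key):
                problems.append(f"api.{key} is mandatory when tls = letsencrypt")
    elif tls == "cert":
        for key in ("tls_cert_privkey", "tls_cert_fullchain"):
            if not api.get(key):
                problems.append(f"api.{key} is needed when tls = cert")
    if cfg.get("logconfig", {}).get("loglevel") not in LOG_LEVELS:
        problems.append("logconfig.loglevel is not a listed value")
    return problems

# Constructed sample mirroring the posted file, with its blanked values left empty.
SAMPLE = {
    "general": {"listen": ":53", "protocol": "both", "domain": "", "records": [" A", " NS"]},
    "database": {"engine": "sqlite3", "connection": "/var/lib/acme-dns/acme-dns.db"},
    "api": {"api_domain": "", "autocert_port": "80", "port": "443", "tls": "letsencrypt"},
    "logconfig": {"loglevel": "debug"},
}
if __name__ == "__main__":
    print(*check_config(SAMPLE), sep="\n")
```
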

Hi @leungda

If you use dns-01 challenge, you don’t need an A- or AAAA record.

Install the Acme-client and use it.

So, what is the purpose of the config.cfg file?

Sorry, I don’t know if your idea works. Read something wrong.


It should work, there is Certify The Web as client.


I installed the ACME-DNS on CentOS and it doesn’t seem to work