For two days I have been trying, without any success, to configure a simple CentOS 7 with BIND, certbot and the rfc2136 plugin to use the DNS-01 challenge to generate some certificates locally without exposing internal web servers to the internet.
Note that the domain I was using for testing purposes was example.org.
I have read a lot of topics here on this community and on the net, but each guide is very superficial about the specific configurations.
Actually, after creating keys (I tried both HMAC-SHA512 and HMAC-MD5), creating a dummy zone file for the internal example.org domain, configuring named.conf, creating the rfc2136 conf file with the secrets and specifying it in named.conf, etc., the never-ending error I still have is an NXDOMAIN error for _acme-challenge.etc…, because certbot tries to search for a domain called _acme-challenge…
I was using certbot certonly (with all the options related to rfc2136): nothing, the error is always there.
I checked the permissions for the named daemon, all group permissions for the named group: nothing, the error is still there, and that is the only error; no other warnings.
Does anybody have a working environment, not only the named.conf file (there are tons of examples on the net and they are almost useless for fixing the issue I’m facing) but ALSO an example of the BIND zone file?
I think I will continue relying on traditional TLS certificates for internal websites if I do not find some serious documentation about this kind of configuration (almost all “guides” focus on the secret creation process, which is the simplest step of the overall configuration…).
For now I will take a pause, because I’m bored of trying something that is actually a trial-and-error configuration (even after re-creating the CentOS 7 system from scratch two times).
Does anyone have a clue that could help me in this case?
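The post asks for the full set of files rather than only the key. What follows is an added example, not from the original post and not the certbot or BIND projects' own code: a POSIX shell script that writes a named.conf fragment (TSIG key plus a zone with a tight update-policy), a zone file for example.org, and the certbot-dns-rfc2136 credentials file, and that can smoke-test the key with nsupdate/dig before certbot is involved. The zone name example.org, the addresses 192.0.2.53 and 192.0.2.10, the key name certbot, the secret, the paths under /etc/named and /var/named/dynamic, and the host www are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: writes the three pieces of a
# BIND 9 + certbot-dns-rfc2136 DNS-01 setup (named.conf fragment, zone file,
# certbot credentials file) and, where the tools exist, checks them.
# Zone name, addresses, paths, key name and key value are all assumptions.
set -eu
DNS_ZONE="${DNS_ZONE:-example.org}"
NS_ADDR="${NS_ADDR:-192.0.2.53}"     # address of the BIND server (assumed)
TSIG_NAME="${TSIG_NAME:-certbot}"
# Constructed sample secret: valid base64 but NOT random. On the real server
# generate one with:  tsig-keygen -a hmac-sha512 certbot
TSIG_SECRET="${TSIG_SECRET:-QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5}"

# named.conf fragment: the TSIG key plus a master zone whose update-policy lets
# that key change TXT records only at the exact _acme-challenge names needed
# (one grant per name you request; "subdomain example.org. TXT" is broader).
# The zone file goes under /var/named/dynamic: on CentOS 7 with SELinux named
# may write there (it must, for the journal) but not in /var/named itself.
named_conf_fragment() {
    cat <<EOF
key "${TSIG_NAME}" {
    algorithm hmac-sha512;
    secret "${TSIG_SECRET}";
};

zone "${DNS_ZONE}" IN {
    type master;
    file "dynamic/${DNS_ZONE}.zone";
    update-policy {
        grant ${TSIG_NAME} name _acme-challenge.${DNS_ZONE}. TXT;
        grant ${TSIG_NAME} name _acme-challenge.www.${DNS_ZONE}. TXT;
    };
};
EOF
}

# Minimal zone file. No _acme-challenge record is pre-created: certbot adds
# and removes the TXT record itself with a TSIG-signed dynamic update.
zone_file() {
    cat <<EOF
\$TTL 300
\$ORIGIN ${DNS_ZONE}.
@       IN SOA  ns1.${DNS_ZONE}. hostmaster.${DNS_ZONE}. (
                2024010101 ; serial
                3600       ; refresh
                900        ; retry
                604800     ; expire
                300 )      ; negative-caching TTL
        IN NS   ns1.${DNS_ZONE}.
ns1     IN A    ${NS_ADDR}
www     IN A    192.0.2.10
EOF
}

# certbot-dns-rfc2136 credentials file (keep it mode 0600).
certbot_ini() {
    cat <<EOF
dns_rfc2136_server = ${NS_ADDR}
dns_rfc2136_port = 53
dns_rfc2136_name = ${TSIG_NAME}
dns_rfc2136_secret = ${TSIG_SECRET}
dns_rfc2136_algorithm = HMAC-SHA512
EOF
}

# Write all three files into DIR; syntax-check the zone if bind is installed.
generate_config() {
    dir="$1"
    mkdir -p "$dir"
    named_conf_fragment > "$dir/named.conf.acme"
    zone_file > "$dir/${DNS_ZONE}.zone"
    certbot_ini > "$dir/rfc2136.ini"
    chmod 600 "$dir/rfc2136.ini"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$DNS_ZONE" "$dir/${DNS_ZONE}.zone"
    fi
    echo "$dir"
}

# Prove key and update-policy work before involving certbot: add a TXT record
# with nsupdate, read it back with dig, delete it. Skipped without bind-utils.
tsig_smoke_test() {
    command -v nsupdate >/dev/null 2>&1 || { echo "nsupdate missing, skipped"; return 0; }
    for op in add delete; do
        nsupdate -y "hmac-sha512:${TSIG_NAME}:${TSIG_SECRET}" <<EOF
server ${NS_ADDR}
zone ${DNS_ZONE}
update ${op} _acme-challenge.${DNS_ZONE}. 300 IN TXT "manual-test"
send
EOF
        if [ "$op" = add ]; then dig @"${NS_ADDR}" "_acme-challenge.${DNS_ZONE}." TXT +short; fi
    done
}

OUT="$(generate_config "${OUT_DIR:-$(mktemp -d)}")"
echo "Config written to $OUT: copy named.conf.acme to /etc/named/ and include it from"
echo "/etc/named.conf, copy ${DNS_ZONE}.zone to /var/named/dynamic/ (owner named:named),"
echo "run: named-checkconf /etc/named.conf && systemctl reload named; then:"
echo "  certbot certonly --dns-rfc2136 --dns-rfc2136-credentials $OUT/rfc2136.ini \\"
echo "      --dns-rfc2136-propagation-seconds 30 -d www.${DNS_ZONE}"
if [ "${SMOKE_TEST:-0}" = 1 ]; then tsig_smoke_test; fi
```

Two checks worth doing with this layout: `dig @192.0.2.53 example.org SOA` must come back with the `aa` flag, because the plugin locates the zone by sending SOA queries to `dns_rfc2136_server`, starting at the full challenge name and dropping labels until a name answers authoritatively (an NXDOMAIN for the `_acme-challenge` name itself during that walk is expected), and `SMOKE_TEST=1 sh` on the script must show the "manual-test" TXT record, which proves the key, algorithm and update-policy agree before certbot is in the picture. Whatever zone is used, its nameserver must still be reachable from the public internet for Let's Encrypt to read the TXT record; only the web servers stay internal.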