The domain for which a certificate is requested can have a CNAME, so we should check for it. If the domain has a CNAME, create the challenge TXT record in the alias domain. This is useful when a company like us uses a DNS provider that is not supported dynamically: we can then create a CNAME such as _acme-challenge.example.com -> example.aws.hosted.com, which allows us to get a certificate for *.example.com by creating the TXT record in Route 53 for the above example.
package util
import (
	"fmt"
	"strings"

	"github.com/miekg/dns"
)
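// DNS01Record returns the FQDN, value and TTL of the TXT record that
// fulfils the `dns-01` challenge for domain.
//
// The record name is "_acme-challenge.<domain>."; a trailing dot on
// domain is tolerated so the result is always a single dot-terminated
// FQDN. Before returning, the name is looked up for a CNAME via
// dnsQuery against RecursiveNameservers; when the lookup succeeds the
// name is replaced by updateDomainWithCName's result, so the TXT record
// is created in the zone the CNAME points at rather than the original
// one. Lookup errors and non-success Rcodes are not reported: the
// unaliased name is returned instead (best effort).
//
// value is returned unchanged and the TTL is always 60.
//
// TODO: move this into a non-generic place by resolving import cycle in dns package
func DNS01Record(domain, value string) (string, string, int) {
	// Normalise so a caller passing "example.com." does not produce
	// "_acme-challenge.example.com.." (an invalid name).
	name := strings.TrimSuffix(domain, ".")
	fqdn := fmt.Sprintf("_acme-challenge.%s.", name)

	// Follow a CNAME on the challenge name, if present, so the TXT record
	// is created in the aliased zone. Whether a chain of several CNAMEs is
	// followed depends on updateDomainWithCName, which is not shown here.
	// NOTE(review): the alias target is taken as answered by the recursive
	// resolver; whether that answer is validated (e.g. DNSSEC) depends on
	// dnsQuery, not shown here — confirm this is acceptable for the deployment.
	r, err := dnsQuery(fqdn, dns.TypeCNAME, RecursiveNameservers, true)
	if err == nil && r.Rcode == dns.RcodeSuccess {
		fqdn = updateDomainWithCName(r, fqdn)
	}

	return fqdn, value, 60
}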