From 744d04c2585d50f64cf3d43d139c310a18e78f73 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 21 Aug 2020 20:30:14 -0600 Subject: caddytls: Configure custom DNS resolvers for DNS challenge (close #2476) And #3391 Maybe also related: #3664
---
 go.mod | 4 ++-- go.sum | 12 ++++++------ modules/caddytls/acmeissuer.go | 1 + modules/caddytls/automation.go | 4 ++++ 4 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/go.mod b/go.mod
index d1b73f8..fa5913a 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/Masterminds/sprig/v3 v3.1.0
 github.com/alecthomas/chroma v0.8.0
 github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a
- github.com/caddyserver/certmagic v0.11.3-0.20200810220624-10a8b5c72339
+ github.com/caddyserver/certmagic v0.11.3-0.20200822022242-4fd8ae48ef87
 github.com/dustin/go-humanize v1.0.1-0.20200219035652-afde56e7acac
 github.com/go-chi/chi v4.1.2+incompatible
 github.com/google/cel-go v0.5.1
@@ -14,7 +14,7 @@ require (
 github.com/klauspost/compress v1.10.10
 github.com/klauspost/cpuid v1.2.5
 github.com/lucas-clemente/quic-go v0.18.0
- github.com/mholt/acmez v0.1.1-0.20200810215816-dbe88fc6cf09
+ github.com/mholt/acmez v0.1.1-0.20200811184240-dc9c5f05ed1e
 github.com/naoina/go-stringutil v0.1.0 // indirect
 github.com/naoina/toml v0.1.1
 github.com/smallstep/certificates v0.15.1
diff --git a/go.sum b/go.sum
index 71c4773..381988e 100644
--- a/go.sum
+++ b/go.sum
@@ -79,8 +79,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTKY95VwV8U= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/caddyserver/certmagic v0.11.3-0.20200810220624-10a8b5c72339 h1:wTD+Y63XoBtiTJhe/Xn7WLrwKenmjkt2WxH3FP+Y0DM= -github.com/caddyserver/certmagic v0.11.3-0.20200810220624-10a8b5c72339/go.mod h1:mqOzOvKa7UcC+TWbBLcP0ZLRut/xaaQBw0hRGWHBIkY= +github.com/caddyserver/certmagic v0.11.3-0.20200822022242-4fd8ae48ef87 h1:3aKxAswI/GxNUKS3v+NWaB+hUyBtfXyjAWlc2Go53T0= +github.com/caddyserver/certmagic v0.11.3-0.20200822022242-4fd8ae48ef87/go.mod h1:ru+9UfE7sgvPJgieBLSRz5S3xuCd6wlV0qEHErC+x1k= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= 
@@ -346,8 +346,8 @@ github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+ github.com/letsencrypt/pkcs11key v2.0.1-0.20170608213348-396559074696+incompatible/go.mod h1:iGYXKqDXt0cpBthCHdr9ZdsQwyGlYFh/+8xa4WzIQ34= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821 h1:663opx/RKxiISi1ozf0WbvweQpYBgf34dx8hKSIau3w= -github.com/libdns/libdns v0.0.0-20200501023120-186724ffc821/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= +github.com/libdns/libdns v0.1.0 h1:0ctCOrVJsVzj53mop1angHp/pE3hmAhP7KiHvR0HD04= +github.com/libdns/libdns v0.1.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/lucas-clemente/quic-go v0.18.0 h1:JhQDdqxdwdmGdKsKgXi1+coHRoGhvU6z0rNzOJqZ/4o= github.com/lucas-clemente/quic-go v0.18.0/go.mod h1:yXttHsSNxQi8AWijC/vLP+OJczXqzHSOcJrM5ITUlCg= 
@@ -381,8 +381,8 @@ github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mholt/acmez v0.1.1-0.20200810215816-dbe88fc6cf09 h1:J7NVJ46iBFeWsUc5aeVv8QNO2mLhI6rJKIbpAsH7d7g= -github.com/mholt/acmez v0.1.1-0.20200810215816-dbe88fc6cf09/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= +github.com/mholt/acmez v0.1.1-0.20200811184240-dc9c5f05ed1e h1:F5E9CM0APrZtTfowJfvUBmrCjuHLfslZyFlNTEB7UV4= +github.com/mholt/acmez v0.1.1-0.20200811184240-dc9c5f05ed1e/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM= github.com/microcosm-cc/bluemonday v1.0.1/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4= github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo= github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index 963143b..0797435 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -112,6 +112,7 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error {
 DNSProvider: val.(certmagic.ACMEDNSProvider),
 TTL: time.Duration(iss.Challenges.DNS.TTL),
 PropagationTimeout: time.Duration(iss.Challenges.DNS.PropagationTimeout),
+ Resolvers: iss.Challenges.DNS.Resolvers,
 }
 }
 }
diff --git a/modules/caddytls/automation.go b/modules/caddytls/automation.go
index 502a631..1612391 100644
--- a/modules/caddytls/automation.go
+++ b/modules/caddytls/automation.go
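Review bot: In the acmeissuer.go hunk, `Resolvers: iss.Challenges.DNS.Resolvers,` hands the configured strings to the DNS-01 solver without any check in `Provision`, so an empty or malformed entry would only show up later, when a challenge is attempted. Whether certmagic rejects or normalizes such entries is not visible from this diff; if it does not, validating here and failing the config load is cheaper to debug, e.g. `if strings.TrimSpace(r) == "" { return fmt.Errorf("dns challenge: empty resolver address") }` for each `r`. The slice is also shared with the config struct rather than copied, which is fine only as long as neither side mutates it. `Provision` starts and ends outside the hunk.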
@@ -295,6 +295,10 @@ type DNSChallengeConfig struct { // How long to wait for DNS record to propagate. PropagationTimeout caddy.Duration `json:"propagation_timeout,omitempty"` + // Custom DNS resolvers to prefer over system/built-in defaults. + // Often necessary to configure when using split-horizon DNS. + Resolvers []string `json:"resolvers,omitempty"` + solver acmez.Solver } -- cgit v1.2.3
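Review bot: The comment added above `Resolvers` says the list is "preferred" over the defaults but not what an entry looks like or whether the system/built-in resolvers are still consulted as a fallback. That matters for the split-horizon case the comment itself mentions, because a silent fallback to another resolver can give a different answer for the challenge record and send queries for internal names elsewhere. I would extend the comment with the accepted entry format and the fallback behaviour, along the lines of `// Each entry is a resolver address (host or IP, port optional — confirm against certmagic).` plus one sentence on whether the defaults are still tried. The `DNSChallengeConfig` struct begins above the hunk.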