Mastodawn

Home Assistant: ERROR: rfc2136_sign_query is not supported since Letsencrypt Home Assistant App v6.0.0.

https://andreas.scherbaum.la/post/2026-04-18_home-assistant-error-rfc2136_sign_query-is-not-supported-since-letsencrypt-home-assistant-app-v6-0-0/

#HomeAssistant #LetsEncrypt #Certificate #RFC2136

Home Assistant: ERROR: rfc2136_sign_query is not supported since Letsencrypt Home Assistant App v6.0.0.

My Home Assistant started sending me a daily warning: Let's Encrypt certificate is expiring in 29 days, 28 days, 27 days - until I finally found time to investigate why the certificate is not renewing. And fix the issue.

ads' corner

Show thread

Ben Hardill Sep 15, 2025

First code drop for a RFC2136 helper to pair with nginx-proxy/nginx-proxy docker container.

https://github.com/hardillb/dns-docker-helper

It's still pretty rough and could do with some more error handling

#dns #nginx #rfc2136

GitHub - hardillb/dns-docker-helper: Dynamically create/remove DNS entries when containers are created/destroyed using RFC2136

Dynamically create/remove DNS entries when containers are created/destroyed using RFC2136 - hardillb/dns-docker-helper

GitHub

Ben Hardill Sep 5, 2025

Anybody know of a JavaScript library for doing RFC2136 DNS updates?

My usual search foo is not turning anything up

#DNS #RFC2136 #DDNS #NodeJS

Dentaku (Thomas Renger)Aug 4, 2024

Ha, funktioniert: LoadBalancer für #dovecot wird automatisch erzeugt, automatisch in DNS eingetragen und automatisch ein TLS-Zertifikat erzeugt. Langsam nimmt mein Mail-auf-Kubernetes-Setup Form an.

#k8s #externaldns #certmanager #rfc2136

Dentaku (Thomas Renger)Jul 31, 2024

Mit external-dns und ACME-DNS01-Challenge rumspielen.

Sollte ich:

Die Domain auf meinem eigenen Nameserver lassen und per nsupdate (aka #RFC2136) aktualisieren …

oder

… die Domain auf #Hetzner DNS verschieben und mit deren API aktualisieren?

RFC-2136

50%

Hetzner-API

50%

Poll ended at Jul 31, 2024 at 7:56pm.

Volker Stolz Jul 15, 2024

It's always DNS...shout-out to HE.net not only for their free IPv6-tunnels but also their free DNS-slaves and detailed instructions that you should really read carefully!

#dns #ipv6 #rfc2136

1977er Jul 15, 2024

Hello #knot, hello #rfc2136.

Volker Stolz Jul 8, 2024

I finally wanted to redo yet another @letsencrypt installation to use dns-01 and #rfc2136. Having remembered that CNAMEs and dynamic DNS were already horrible the last time round, I lost another hour of my life figuring out that whereas acme.sh needs a special option for CNAMEs, certbot doesn't support CNAMEs at all without an ungodly amount of local hooks (https://github.com/certbot/certbot/pull/7244#issuecomment-2056403185) 😒

#letsencrypt

dns-rfc2136: find the correct zone/name when CNAME/DNAMEs are used by hpax · Pull Request #7244 · certbot/certbot

Dynamic zones have significant problems with DNSSEC and with redundant servers (which, of course is highly desirable for DNS.) The obvious solution to that is to use a CNAME or DNAME record to poin...

GitHub

Habr Jul 4, 2024

Опыты в домашней лаборатории: динамически обновляем записи приватной зоны DNS в OpenWRT

Моя домашняя лаборатория подключена к интернету через маршрутизатор с прошивкой OpenWRT. Развертывая локальный ACME сервер, я понял, что, независимо от применяемого типа валидации запросов, ACME должен найти в DNS полное доменное имя сервера, для которого запрошен сертификат. В размышлениях, где же стоит хостить свою приватную DNS зону, меня озарило: «Но у нас уже есть дома DNS-сервер в OpenWRT. Наверняка можно удаленно обновлять записи в его локальной зоне». TL;DR: В итоге пришлось поставить BIND

https://habr.com/ru/articles/826826/

#openwrt #arm64 #dns #bind #hotplug #RFC2136 #RFC2845 #TSIG #DDNS #selfhosted