» RFC 2136 DNS Challenge Provider

The rfc2136 DNS challenge provider can be used to perform DNS challenges for the acme_certificate resource with an RFC 2136-compatible DNS server.

For complete information on how to use this provider with the acme_certifiate resource, see here.

» Example

resource "acme_certificate" "certificate" {
  ...

  dns_challenge {
    provider = "rfc2136"
  }
}

» Argument Reference

The following arguments can be either passed as environment variables, or directly through the config block in the dns_challenge argument in the acme_certificate resource. For more details, see here.

To disable TSIG authentication, leave the specific TSIG variables unset.

RFC2136_NAMESERVER - The network address of the DNS server to send the updates to. Can be in the form of HOST or HOST:PORT.
RFC2136_TSIG_ALGORITHM - The TSIG algorithm to use. Can be one of hmac-md5.sig-alg.reg.int. (HMAC-MD5), hmac-sha1. (HMAC-SHA1), hmac-sha256. (HMAC-SHA256), or hmac-sha512. (HMAC-SHA512). Default: hmac-md5.sig-alg.reg.int.
RFC2136_TSIG_KEY - The TSIG secret key name.
RFC2136_TSIG_SECRET - The TSIG secret key payload.

The following additional optional variables are available:

RFC2136_POLLING_INTERVAL - The amount of time, in seconds, to wait between DNS propagation checks (default: 2).
RFC2136_PROPAGATION_TIMEOUT - The amount of time, in seconds, to wait for DNS propagation (default: 60). Can also be specified by RFC2136_TIMEOUT.
RFC2136_TTL - The TTL to set on DNS challenge records, in seconds (default: 120).
RFC2136_DNS_TIMEOUT - The timeout on DNS UPDATE requests (default: 10).
RFC2136_SEQUENCE_INTERVAL - The time to wait between DNS challenges (default: 60).