Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Acme with HE DNS using 2FA

    Scheduled Pinned Locked Moved ACME
    2 Posts 1 Posters 611 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      credulous
      last edited by

      Hello All,

      Earlier this year I noticed that my DNS provider (Hurricane Electric) had added 2FA, which I promptly enabled, forgetting all about the fact that ACME used HE account credentials to add the ACME challenges during re-issue, this meant that my automatic re-issue was failing.

      I disabled 2FA temporarily and the re-issue went through as normal.

      I presume that HE provide some kind of API key for use in these cases when 2FA is enabled, though I cannot find it on their website and have emailed them asking how to get these.

      It looks like the HE integration for the ACME package only supports username/password credentials, is there a way around this?

      C 1 Reply Last reply Reply Quote 0
      • C
        credulous @credulous
        last edited by

        Just a nudge on this question, currently I am having to disable 2FA when I want to renew.

        Does anyone know how the he.net integration works, is it simply scraping dns.he.net or is it usign an API?

        According to he.net it should be doing something like this ..

        curl "https://dyn.dns.he.net/nic/update" -d "hostname=_acme-yourdomain.com" -d "password=txtRecordKey" -d "txt=ACMEChallenge"

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.