» RFC 2136 DNS Challenge Provider

The rfc2136 DNS challenge provider can be used to perform DNS challenges for the acme_certificate resource with an RFC 2136-compatible DNS server.

For complete information on how to use this provider with the acme_certifiate resource, see here.

» Example

resource "acme_certificate" "certificate" {

  dns_challenge {
    provider = "rfc2136"

» Argument Reference

The following arguments can be either passed as environment variables, or directly through the config block in the dns_challenge argument in the acme_certificate resource. For more details, see here.

In addition, arguments can also be stored in a local file, with the path supplied by supplying the argument with the _FILE suffix. See here for more information.

  • RFC2136_NAMESERVER - The network address of the DNS server to send the updates to. Can be in the form of HOST or HOST:PORT.
  • RFC2136_TSIG_ALGORITHM - The TSIG algorithm to use. Can be one of hmac-md5.sig-alg.reg.int. (HMAC-MD5), hmac-sha1. (HMAC-SHA1), hmac-sha256. (HMAC-SHA256), or hmac-sha512. (HMAC-SHA512). Default: hmac-md5.sig-alg.reg.int.
  • RFC2136_TSIG_KEY - The TSIG secret key name.
  • RFC2136_TSIG_SECRET - The TSIG secret key payload.

The following additional optional variables are available: