# acme-dns/acme-dns

2,775 stars · 296 forks · Go · MIT

## Links

- GitHub: https://github.com/acme-dns/acme-dns
- awesome-repositories: https://awesome-repositories.com/repository/acme-dns-acme-dns.md

## Topics

`acme-challenge` `acme-dns` `dns-server` `letsencrypt` `tls-certificate`

## Description

acme-dns is a DNS server and protocol manager designed to proxy TXT records for ACME DNS-01 challenges. It enables the validation of domain ownership for automated certificate issuance without exposing primary DNS zone files or credentials to external clients.

The project utilizes CNAME-based delegation to offload verification from a primary zone to a specialized server. It provides a REST API for programmatically updating short-lived validation tokens, which is secured through CIDR-based network restrictions and automated TLS provisioning for the API interface.

The system supports stateless DNS proxying and the management of custom A, AAAA, and NS records. It includes server health monitoring via liveness and readiness probes for orchestration environments.

The service is available as a containerized deployment for consistent installation across different host operating systems.

## Tags

### Security & Cryptography

- [DNS Challenge Verifiers](https://awesome-repositories.com/f/security-cryptography/cryptography/ssl-tls-certificate-management/certificate-verification/dns-challenge-verifiers.md) — Implements a DNS server that proxies TXT records to verify domain ownership for ACME certificate issuance. ([source](https://github.com/acme-dns/acme-dns/blob/master/Dockerfile))
- [ACME Challenge Servers](https://awesome-repositories.com/f/security-cryptography/acme-challenge-servers.md) — Acts as a dedicated DNS server specifically for proxying ACME DNS-01 validation challenges.
- [ACME Protocol Implementations](https://awesome-repositories.com/f/security-cryptography/acme-protocol-implementations.md) — Implements logic to manage short-lived validation tokens for automated certificate issuance.
- [Challenge Token Managers](https://awesome-repositories.com/f/security-cryptography/api-credential-managers/challenge-token-managers.md) — Provides an API to issue and manage unique subdomains and credentials for certificate authority validation tokens. ([source](https://github.com/acme-dns/acme-dns/blob/master/README.md))
- [DNS Validation Providers](https://awesome-repositories.com/f/security-cryptography/dns-validation-providers.md) — Automates domain ownership verification for SSL certificates without exposing primary DNS credentials.
- [Secure Validation API Gateways](https://awesome-repositories.com/f/security-cryptography/dns-validation-providers/dns-provider-api-integrations/secure-validation-api-gateways.md) — Provides a restricted API interface for updating TXT records using network filtering to prevent unauthorized modifications.
- [Network-Based Access Controls](https://awesome-repositories.com/f/security-cryptography/access-authentication/network-based-access-controls.md) — Restricts API access for DNS record updates to specific source networks using CIDR notation. ([source](https://github.com/acme-dns/acme-dns/blob/master/README.md))
- [Certificate Renewal Managers](https://awesome-repositories.com/f/security-cryptography/certificate-renewal-managers.md) — Facilitates the scaling of TLS certificate issuance and renewal through automated DNS verification.
- [Automated Certificate Management](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/security-https/automated-certificate-management.md) — Automatically fetches and renews HTTPS certificates for its own management API.

### DevOps & Infrastructure

- [DNS Proxy REST API Endpoints](https://awesome-repositories.com/f/devops-infrastructure/rest-api-endpoint-management/dns-proxy-rest-api-endpoints.md) — Includes HTTP endpoints to programmatically control the DNS proxy and update validation records.

### Networking & Communication

- [DNS Record Management](https://awesome-repositories.com/f/networking-communication/dns-record-management.md) — Provides a REST API for programmatically updating DNS TXT records for certificate validation.
- [Challenge Delegation](https://awesome-repositories.com/f/networking-communication/dns-record-updaters/challenge-delegation.md) — Proxies TXT record lookups for DNS-01 challenges by providing unique subdomains. ([source](https://github.com/acme-dns/acme-dns#readme))
- [Challenge Delegation Servers](https://awesome-repositories.com/f/networking-communication/dns-services/challenge-delegation-servers.md) — Provides a lightweight, containerized DNS service for deploying delegated challenge infrastructure.
- [CNAME Proxy Certificate Applications](https://awesome-repositories.com/f/networking-communication/domain-name-systems/dns-record-verification/cname-challenge-resolution/cname-proxy-certificate-applications.md) — Uses CNAME records to delegate DNS-01 challenge verification from a primary zone to a specialized server.

### Software Engineering & Architecture

- [Stateless DNS Proxies](https://awesome-repositories.com/f/software-engineering-architecture/stateless-architectures/stateless-dns-proxies.md) — Operates as a stateless DNS proxy that resolves queries by fetching tokens from a backend store.
