Change DNS Manual to DNS API
Is there a way to change my DNS setting from manual to DNS API mode? I tried renewing an SSL using acme.sh but it says that my dns-01 is in manual mode (which should not be run in prooduction) and need to manually add the TXT Value. I would like to make use of auto renew but it seems that my DNS should support API. How can I do this? Can I change my already built DNS to make use of API?
Honestly I have zero idea on what to do here. Please help me
See also questions close to this topic
-
AWS Lambda timing out on MongoDB Atlas connection
I'm just trying to write a simple Lambda function to insert data into my MongoDB Atlas cluster. I've set the cluster to accept all incoming traffic (0.0.0.0/0) and confirmed that I can connect locally.
For AWS Lambda, I set up a VPC using the VPC wizard, and I gave my Lambda function a security role with full admin access. I set the timeout to 12 seconds, but I'm still getting the following error:
Response: { "errorMessage": "2018-11-19T15:17:23.200Z 3048e1fd-ec0e-11e8-a03d-fb79584484c5 Task timed out after 11.01 seconds" } Request ID: "3048e1fd-ec0e-11e8-a03d-fb79584484c5" Function Logs: START RequestId: 3048e1fd-ec0e-11e8-a03d-fb79584484c5 Version: $LATEST 2018-11-19T15:17:12.191Z 3048e1fd-ec0e-11e8-a03d-fb79584484c5 Calling MongoDB Atlas from AWS Lambda with event: {"address":{"street":"2 Avenue","zipcode":"10075","building":"1480","coord":[-73.9557413,40.7720266]},"borough":"Manhattan","cuisine":"Italian","grades":[{"date":"2014-10-01T00:00:00Z","grade":"A","score":11},{"date":"2014-01-16T00:00:00Z","grade":"B","score":17}],"name":"Vella","restaurant_id":"41704620"} 2018-11-19T15:17:12.208Z 3048e1fd-ec0e-11e8-a03d-fb79584484c5 => connecting to database 2018-11-19T15:17:12.248Z 3048e1fd-ec0e-11e8-a03d-fb79584484c5 (node:1) DeprecationWarning: current URL string parser is deprecated, and will be removed in a future version. To use the new parser, pass option { useNewUrlParser: true } to MongoClient.connect. END RequestId: 3048e1fd-ec0e-11e8-a03d-fb79584484c5 REPORT RequestId: 3048e1fd-ec0e-11e8-a03d-fb79584484c5 Duration: 11011.08 ms Billed Duration: 11000 ms Memory Size: 128 MB Max Memory Used: 29 MB 2018-11-19T15:17:23.200Z 3048e1fd-ec0e-11e8-a03d-fb79584484c5 Task timed out after 11.01 secondsThe relevant part of my code for connecting is (with user and pass being the appropriate values):
const MongoClient = require('mongodb').MongoClient; let atlas_connection_uri = "mongodb+srv://<user>:<pass>@restaurantcluster-2ylyf.gcp.mongodb.net/testdb" let cachedDb = null; exports.handler = (event, context, callback) => { var uri = atlas_connection_uri if (atlas_connection_uri != null) { processEvent(event, context, callback); } else { atlas_connection_uri = uri; console.log('the Atlas connection string is ' + atlas_connection_uri); processEvent(event, context, callback); } }; function processEvent(event, context, callback) { console.log('Calling MongoDB Atlas from AWS Lambda with event: ' + JSON.stringify(event)); var jsonContents = JSON.parse(JSON.stringify(event)); //date conversion for grades array if(jsonContents.grades != null) { for(var i = 0, len=jsonContents.grades.length; i < len; i++) { jsonContents.grades[i].date = new Date(); } } context.callbackWaitsForEmptyEventLoop = false; try { if (cachedDb == null) { console.log('=> connecting to database'); MongoClient.connect(atlas_connection_uri, function (err, client) { cachedDb = client.db('testdb'); return createDoc(cachedDb, jsonContents, callback); }); } else { createDoc(cachedDb, jsonContents, callback); } } catch (err) { console.error('an error occurred', err); } }I suspect that something is going on with my VPC firewall/permissions/security group considering the fact that I can connect from my local machine, but I have no idea how that could be the case when I'm granting full admins privileges in my security role and I've set all outgoing VPC traffic to my public subnet.
I would appreciate any advice/help in solving this!
-
Lambda cannot access KMS Key
When I run my lambda code, I get the following error:
The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access.I have mostly followed this to create the stack using aws-sam-cli, and the relevant sections of the template are below the code.
The relevant code is:
const ssm = new AWS.SSM(); const param = { Name: "param1", WithDecryption: true }; const secret = await ssm.getParameter(param).promise();The relevant part of the template.yaml file is:
KeyAlias: Type: AWS::KMS::Alias Properties: AliasName: 'param1Key' TargetKeyId: !Ref Key Key: Type: AWS::KMS::Key Properties: KeyPolicy: Id: default Statement: - Effect: Allow Principal: AWS: !Sub arn:aws:iam::${AWS::AccountId}:root Action: - 'kms:Create*' - 'kms:Encrypt' - 'kms:Describe*' - 'kms:Enable*' - 'kms:List*' - 'kms:Put*' - 'kms:Update*' - 'kms:Revoke*' - 'kms:Disable*' - 'kms:Get*' - 'kms:Delete*' - 'kms:ScheduleKeyDeletion' - 'kms:CancelKeyDeletion' Resource: '*' Sid: Allow root account all permissions except to decrypt the key Version: 2012-10-17 LambdaFunction: Type: AWS::Serverless::Function Properties: CodeUri: ../ Handler: app.lambda Runtime: nodejs8.10 Policies: - DynamoDBReadPolicy: TableName: !Ref Table - KMSDecryptPolicy: KeyId: !Ref Key - Statement: - Action: - "ssm:GetParameter" Effect: Allow Resource: !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/param1"Does the
KMSDecryptPolicynot allow the use of the key? What am I missing? Thanks! -
No executable found matching command "dotnet-lambda"
I try to automate .net core AWS lambda project deploy
I've just installed .net sdk from https://www.microsoft.com/net/core#windowsvs2015 as suggested in the guide at https://docs.aws.amazon.com/en_us/toolkit-for-visual-studio/latest/user-guide/lambda-cli-publish.html#listing-the-lam-commands-available-through-the-cli
The direct link to msi was https://download.visualstudio.microsoft.com/download/pr/9b60a25e-5b31-4550-aae1-72516c1067f6/52e8387487fecef06266a7a19c97ddee/dotnet-sdk-2.1.500-win-gs-x64.exe
Following the guide I try to list dotnet lambda commands:
>dotnet lambda --help No executable found matching command "dotnet-lambda"the list of commands doesn't even include lambda:
>dotnet --help .NET Command Line Tools (2.1.500) Usage: dotnet [runtime-options] [path-to-application] [arguments] Execute a .NET Core application. runtime-options: --additionalprobingpath <path> Path containing probing policy and assemblies to probe for. --additional-deps <path> Path to additional deps.json file. --fx-version <version> Version of the installed Shared Framework to use to run the application. --roll-forward-on-no-candidate-fx Roll forward on no candidate shared framework is enabled. path-to-application: The path to an application .dll file to execute. Usage: dotnet [sdk-options] [command] [command-options] [arguments] Execute a .NET Core SDK command. sdk-options: -d|--diagnostics Enable diagnostic output. -h|--help Show command line help. --info Display .NET Core information. --list-runtimes Display the installed runtimes. --list-sdks Display the installed SDKs. --version Display .NET Core SDK version in use. SDK commands: add Add a package or reference to a .NET project. build Build a .NET project. build-server Interact with servers started by a build. clean Clean build outputs of a .NET project. help Show command line help. list List project references of a .NET project. migrate Migrate a project.json project to an MSBuild project. msbuild Run Microsoft Build Engine (MSBuild) commands. new Create a new .NET project or file. nuget Provides additional NuGet commands. pack Create a NuGet package. publish Publish a .NET project for deployment. remove Remove a package or reference from a .NET project. restore Restore dependencies specified in a .NET project. run Build and run a .NET project output. sln Modify Visual Studio solution files. store Store the specified assemblies in the runtime package store. test Run unit tests using the test runner specified in a .NET project. tool Install or manage tools that extend the .NET experience. vstest Run Microsoft Test Engine (VSTest) commands. Additional commands from bundled tools: dev-certs Create and manage development certificates. ef Entity Framework Core command-line tools. sql-cache SQL Server cache command-line tools. user-secrets Manage development user secrets. watch Start a file watcher that runs a command when files change. Run 'dotnet [command] --help' for more information on a command.Why is that?
-
Best approach to measure DNS resolution time
I am working on a python 3.6 based script to monitor dns resolution time, using dns python. I need to understand what is the best approach to get the resolution time. I am currently using the following:
Method:1
import dns.resolver import time dns_start = time.perf_counter() answers = dns.resolver.query(domain, qtype) dns_end = time.perf_counter() print("DNS record is: " ,answers.rrset) print('DNS time =' ,(dns_end - dns_start)* 1000,"ms")Method 2
import dns.resolver import time answers = dns.resolver.query(domain, qtype) print("DNS record is: " ,answers.rrset) print('DNS time =' , answers.response.time * 1000,"ms")Thanks
-
Why is my SRV record not working even though it appears to be configured correctly?
I'm trying to map a subdomain to a port on my domain. I cannot use port 80 as this is already in use by a different service. I understand I need to use an SRV record, and I believe this to be set up correctly, however it does not appear to be working at all.
This is my current configuration:
Any help is greatly appreciated.
-
directing domainname.com to www.domainname.com
THE ISSUE
I have a django website in DigitalOcean, everything works fine expect routing domainname.com to www.domainname.com
I normally fix this using cname as: and all answers i have found also provide this. but it doesn't work in my case
Hostname Alias Of TTL(Seconds) www @ 43200This normally works in godaddy, but in digital ocean the www.domainname.com takes me to the welcome to nginx page.
THE ASK
So how can i get the www.@.com to display the website?
-
SSL Let's Encrypt installation not working on NGINX at AWS EC2
I have an AWS EC2 Instance with NGINX installed and working, but SSL with Let's Encrypt cannot access.
Nginx Configuration
Folder /etc/pki/tls with files generated by Let's Encrypt corretly
AWS Security Group for this EC2 instance
There ins't load balancer (ELB) involved, Route 53 is sending traffic directly to this EC2 instance.
When I tried to access website over HTTP everything is working, but when I try to connect over HTTPS it's not possible
Thanks a lot
-
Difference between certbot and certbot-auto
I am using
letsencryptfor my server to support https. When looking around I find commands withcertbotand others withcertbot-autowith similar funcionalities. As I understand, you need to use consistently one or the other. Can someone expalin the difference and in which case you would use one or the other? -
ERROR: In file './docker-compose.yml', service name True must be a quoted string, i.e. 'True'
My docker-compose.yml looks like the below. When i run docker-compose up I get the below error.
ERROR: In file './docker-compose.yml', the service name True must be a quoted string, i.e. 'True'.
version: '3' services: db: restart: always image: postgres:9.6-alpine container_name: pleroma_postgres networks: - pleroma volumes: - ./postgres:/var/lib/postgresql/data web: build: . image: pleroma container_name: pleroma_web restart: always environment: - VIRTUAL_HOST=<myplaceholderhost> - VIRTUAL_PORT=4000 - LETSENCRYPT_HOST=<myplaceholderhost> - LETENCRYPT_EMAIL=<myplaceholderemail> expose: - "4000" volumes: - ./uploads:/pleroma/uploads depends_on: - db nginx: image: jwilder/nginx-proxy container_name: nginx volumes: - /var/run/docker.sock:/tmp/docker.sock:ro - /apps/docker-articles/nginx/vhost.d:/etc/nginx/vhost.d - /apps/docker-articles/nginx/certs:/etc/nginx/certs:ro - /apps/docker-articles/nginx/html:/usr/share/nginx/html restart: always ports: - "80:80" - "443:443" labels: com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" networks: - pleroma letsencrypt: image: jrcs/letsencrypt-nginx-proxy-companion:v1.5 container_name: letsencrypt volumes_from: - nginx volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - /apps/docker-articles/nginx/vhost.d:/etc/nginx/vhost.d - /apps/docker/articles/nginx/certs:/etc/nginx/certs:rw - /apps/docker-articles/nginx/html:/usr/share/nginx/html networks: pleroma:My docker version is
Docker version 18.06.1-ce, build e68fc7a
My docker compose version is
docker-compose version 1.23.1, build b02f1306
Running CoreOS version 1911.3.0
-
Adding an SSL (PORT 443) to an Nginx Reverse Proxy Server (PORT 80) - Nginx Config File
Using Ubuntu I generated an SSL using Certbot. This has automatically updated my Nginx configuration file and added an additional listening port. I'm concerned whether I only need to listen for one PORT (80 or 443) and not both, but I'm unable to find the relevant information on whether I need to remove the listening for PORT 80. Please see my configuration file below:
server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; server_name _; location / { proxy_pass http://localhost:3001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } server { root /var/www/html; location / { try_files $uri $uri/ =404; } listen [::]:443 ssl ipv6only=on; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/my.domain.co.uk/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/my.domain.co.uk/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = my.domain.co.uk) { return 301 https://$host$request_uri; } # managed by Certbot listen 80 ; listen [::]:80 ; server_name my.domain.co.uk; return 404; # managed by Certbot }Now that Certbot has added the code to a separate server block, do I need to remove where my initial server block listens at port 80? I had a problem with an old server crashing overnight whenever it was used and I feel it was something related to the Nginx config file that was similar to this.
Sorry if this question is stupid, I'm not very experienced with this and find it tremendously difficult, unfortunately. Thank you for any insight.
-
Letsencrypt Certbot: DNS problem: NXDOMAIN looking up A for
I am trying to set up Certbot on a Linux amazon 2 system with this command
sudo certbotAny help would be greatly appreciated, I am getting this error:
Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.example.com DNS problem: NXDOMAIN looking up A for mysite.comI look in amazon 53 have 2 A records, one going to
example.comand otherwww.example.com, both pointing at my site ip. There are also 4 values for NS that are connected toexample.com. There is one SOA record connected toexample.comIn my httpd.conf I added
<VirtualHost *:80> DocumentRoot "/var/www/html" ServerName "mysite.com" ServerAlias "www.mysite.com" </VirtualHost>