nginx-ui/internal/cert/config/rfc2136.toml

Name = "RFC2136"
Description = ''''''
URL = "https://www.rfc-editor.org/rfc/rfc2136.html"
Code = "rfc2136"
Since = "v0.3.0"

Example = '''
RFC2136_NAMESERVER=127.0.0.1 \
RFC2136_TSIG_KEY=example.com \
RFC2136_TSIG_ALGORITHM=hmac-sha256. \
RFC2136_TSIG_SECRET=YWJjZGVmZGdoaWprbG1ub3BxcnN0dXZ3eHl6MTIzNDU= \
lego --email you@example.com --dns rfc2136 -d '*.example.com' -d example.com run

## ---

keyname=example.com; keyfile=example.com.key; tsig-keygen $keyname > $keyfile

RFC2136_NAMESERVER=127.0.0.1 \
RFC2136_TSIG_FILE="$keyfile" \
lego --email you@example.com --dns rfc2136 -d '*.example.com' -d example.com run
'''

[Configuration]
  [Configuration.Credentials]
    RFC2136_TSIG_KEY = "Name of the secret key as defined in DNS server configuration. To disable TSIG authentication, leave the `RFC2136_TSIG_KEY` variable unset."
    RFC2136_TSIG_SECRET = "Secret key payload. To disable TSIG authentication, leave the `RFC2136_TSIG_SECRET` variable unset."
    RFC2136_TSIG_ALGORITHM = "TSIG algorithm. See [miekg/dns#tsig.go](https://github.com/miekg/dns/blob/master/tsig.go) for supported values. To disable TSIG authentication, leave the `RFC2136_TSIG_KEY` or `RFC2136_TSIG_SECRET` variables unset."
    RFC2136_NAMESERVER = 'Network address in the form "host" or "host:port"'
  [Configuration.Additional]
    RFC2136_TSIG_FILE = "Path to a key file generated by tsig-keygen"
    RFC2136_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 2)"
    RFC2136_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 60)"
    RFC2136_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
    RFC2136_SEQUENCE_INTERVAL = "Time between sequential requests in seconds (Default: 60)"
    RFC2136_DNS_TIMEOUT = "API request timeout in seconds (Default: 10)"

[Links]
  API = "https://www.rfc-editor.org/rfc/rfc2136.html"