Subdomains for XMPP Server

Hello,
I have installed an XMPP server and need subdomains, and I tried to get it to work by reading everything here, but I am able doing it.
I need the subdomains
conference. .dedyn.io
pubsub. .dedyn.io
upload.******.dedyn.io
Can anybody explain what I have to do so that I can use those subdomains?
I tried it this way:

curl -X POST https://desec.io/api/v1/domains/EXAMPLE.dedyn.io/rrsets/ \
	--header "Authorization: Token YOUR_PASSWORD_HERE" \
	--header "Content-Type: application/json" \
	--data '{"subname": "*", "type": "CNAME", "ttl": 3600, "records": ["EXAMPLE.dedyn.io."]}'

but every time I got {"detail":"Invalid token."} back

Thanks for help
Thomas

Hi Thomas,

Thanks for your message, and welcome to deSEC! :)

The message {"detail": "Invalid token."} means that the content of your Authorization: header was invalid. It looks like you’re not passing a valid API token.

Is it possible that you are passing your account password in the header? That’s not correct. It needs to be a token, which you can generate using our web interface.

Stay secure,
Peter

Hi Peter,
thanks for your answer.

Now I tried it this way with a token:

curl -X POST https://desec.io/api/v1/domains/example.dedyn.io/rrsets/ --header "Authorization: Token FcL5OMQ5NxNJyywbciMNWhcEvmXQ" --header "Content-Type: application/json" --data '{"subname": "*", "type": "CNAME", "ttl": 3600, "records": ["example…dedyn.io."]}'

"created":"2020-07-13T16:36:53.966589Z","domain":"example…dedyn.io","subname":"","name":".example.dedyn.io.","records":["example…dedyn.io."],"ttl":3600,"type":"CNAME","touched":"2020-07-13T16:36:53.973319Z"}

When adding another one with a different token I got this:

curl -X POST https://desec.io/api/v1/domains/example..dedyn.io/rrsets/ --header "Authorization: Token SxJzZXGHGll7haTYX76VbvsSpbxg" --header "Content-Type: application/json" --data '{"conference": "*", "type": "CNAME", "ttl": 3600, "records": ["example…dedyn.io."]}'

{"detail":"RRset example…dedyn.io. IN CNAME: Conflicts with pre-existing RRset"}

The two dots between example and dedyn are because I can only add two links, so forget one of the dots.

What have I done wrong, and what do I have to do to get upload.example., conference.example. and pubsub.example. running at the same time?

Thanks for help
Thomas

Hi Thomas,

You should never post any passwords or tokens in public places.

> The two dots between example and dedyn are because I can only add two links, so forget one of the dots.

You can use ``` in separate lines before and after your terminal output, to denote it as a code block. Links are not highlighted in code blocks, so there should be no issue with the number of domains.

> What have I done wrong, and what do I have to do to get upload.example., conference.example. and pubsub.example. running at the same time?

The JSON payload has a field called "subname". You somehow renamed that field to "conference". There is no such field in our API, and it is simply ignored. The server falls back to the default, which is the empty subname. However, you already have created a record with an empty subname, hence the conflict.

Stay secure,
Peter

Instead of "conference": "*" you probably want "subname": "conference"?

Also, if you want to overwrite an existing record, you have to use PUT and not POST.

You can also try my quick&dirty web interface at

https://webadmin.on.dedyn.io/

Perhaps that is easier for you. :)

Hi,
your webadmin interface is easier, but I am not able to get it to work for my XMPP server together with letsencrypt.

What can I do to get a certificate for this:

acme.sh --issue -d example.dedyn.io -d upload.example.dedyn.io -d pubsub.example.dedyn.io -d conference.example.dedyn.io --keylength 4096 -w /var/www/letsencrypt --key-file /etc/letsencrypt/example.dedyn.io/key.pem --ca-file /etc/letsencrypt/example.dedyn.io/ca.pem --cert-file /etc/letsencrypt/example.dedyn.io/cert.pem --fullchain-file /etc/letsencrypt/example.dedyn.io/fullchain.pem --reloadcmd "sudo /bin/systemctl reload nginx.service"

I am getting back this error:

upload.example.dedyn.io:Verify error:Invalid response from http://upload.example.dedyn.io/.well-known/acme-challenge/abcdefghijk [xxx.xxx.xxx.xxx]

For my domain example.dedyn.io I am getting my certificate but I do not get it for my subdomains.

BR
Thomas

According to https://github.com/acmesh-official/acme.sh/wiki/dnsapi#71-use-desecio, you want to use --dns to use DNS verification, and don’t forget to set DEDYN_TOKEN.

In case you want to use HTTP verification, you’d have to create A or CNAME records for all the subdomains, pointing to your webserver (i.e. "* CNAME example.dedyn.io.").
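
The per-service CNAME records that HTTP verification needs, created with the correct "subname" key, as an added example that is not part of the original posts. DESEC_TOKEN and DESEC_DOMAIN are environment variable names assumed here, and rrset_payload and create_rrset are hypothetical helpers; the endpoint and JSON fields are the ones used earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): one CNAME RRset per XMPP service name.
# Assumptions: DESEC_TOKEN and DESEC_DOMAIN are environment variable names
# chosen here; rrset_payload and create_rrset are hypothetical helpers.
API="https://desec.io/api/v1"

# Print the JSON body for <subname> pointing at <target>. The key must be
# "subname": an unknown key is ignored and the request then hits the empty
# subname, the conflict reported in the thread. Empty subnames are refused.
rrset_payload() {
  case "$1" in
    '*') ;;                                   # wildcard is a valid subname
    ''|*[!a-z0-9-]*) echo "invalid subname: $1" >&2; return 1 ;;
  esac
  case "$2" in
    ''|*[!a-z0-9.-]*) echo "invalid target: $2" >&2; return 1 ;;
  esac
  printf '{"subname": "%s", "type": "CNAME", "ttl": 3600, "records": ["%s."]}' \
    "$1" "${2%.}"
}

# POST one RRset. The token reaches curl on stdin (--config -), so it does not
# show up in the process list or in a command line pasted into a forum.
create_rrset() {
  body=$(rrset_payload "$1" "$DESEC_DOMAIN") || return 1
  printf 'header = "Authorization: Token %s"\n' "$DESEC_TOKEN" |
    curl --silent --show-error --fail-with-body --config - \
      --header "Content-Type: application/json" \
      --data "$body" "$API/domains/$DESEC_DOMAIN/rrsets/"   # curl >= 7.76
}

# Only talks to the API when both variables are exported in the environment.
if [ -n "${DESEC_TOKEN:-}" ] && [ -n "${DESEC_DOMAIN:-}" ]; then
  for sub in conference pubsub upload; do
    create_rrset "$sub" && printf '\ncreated %s.%s\n' "$sub" "$DESEC_DOMAIN"
  done
fi
```

If one of the names already exists, the POST is rejected; as noted earlier in the thread, overwriting an existing record takes PUT instead.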

I have added " * CNAME example.dedyn.io. " on your webadmin site, and if I try to do verification using HTTP

curl "https://update.dedyn.io/update?username=upload.example.dedyn.io&password=abcdefgh"

I am getting back

Domain not eligible for dynamic updates, please contact support.

So what am I doing wrong?
I need those aliases so that I get the right certificate from letsencrypt for my ejabberd server.

BR
Thomas

Why do you want to update a CNAME via the DynDNS API? The DynDNS API is only supported for the main name of each domain. When you update that name, the CNAME will “follow”. If you need multiple A records in the same domain, you’d have to update them via the deSEC API, not the DynDNS API.

An XMPP server works in a different way. There is the normal chat, which works with example.com; then there are the functions UPLOAD, PUBSUB and CONVERSATIONS, which work with upload.example.com, pubsub.example.com and conversations.example.com. All those functions need a certificate, which is created with acme.sh -d example.com -d upload.example.com -d pubsub.example.com .........
If an XMPP server has all that information, then it will work with all functions.
How do I have to work with the deSEC API? I think that is where the solution is.