Tools implementing deSEC

35

Ferron

Ferron v2 ( GitHub - ferronweb/ferron: A fast, memory-safe web server written in Rust. ) supports also deSEC.

    auto_tls
    auto_tls_contact "E-MAIL"
    auto_tls_cache "letsencrypt-cache"
    auto_tls_letsencrypt_production
    auto_tls_challenge "dns-01" provider="desec" api_token="TOKEN"

Stalwart

Stalwart dns-update (GitHub - stalwartlabs/dns-update: Dynamic DNS update library for Rust) and therfore Stalwart ( GitHub - stalwartlabs/stalwart: All-in-one Mail & Collaboration server. Secure, scalable and fluent in every protocol (IMAP, JMAP, SMTP, CalDAV, CardDAV, WebDAV). ). But there is sometimes an progagation timeout. Disscussion at https://github.com/stalwartlabs/stalwart/discussions/2098

Tip for Caddy

https://*.DOMAIN:8443 {
        log
        log_skip /health
        log_skip /metrics

        tls {
                dns desec {
                        token "TOKEN"
                }
                propagation_delay 2m
        }
        respond /health 200 {
                close
        }

        encode {
                br 8 15
                gzip 5
                zstd
        }

        root "/wwwroot/"

        file_server {
                precompressed br gzip
        }
}
What should be minimum in the token settings for dns-01 chalenge?