HTTP Request LEGO (K8s)
- By Canonical Telco
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/stable | 83 | 12 May 2024 | |
| latest/candidate | 83 | 12 May 2024 | |
| latest/beta | 83 | 12 May 2024 | |
| latest/edge | 83 | 12 May 2024 |
juju deploy httprequest-lego-k8s --channel candidate
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
Solving the DNS-01 Challenge
To get a certificate using the httpreq plugin and the DNS-01 challenge from a Certificate Authority that implements the ACME server, we need the following:
- The Lego Client
- TLS Certificates Requirer requiring a certificate for a domain name.
- DNS Agent with an HTTP API
- DNS Server (Bind as an example)
- Certificate Authority implementing the ACME protocol (ACME Server)
The diagram below shows how the certificate is acquired by a requirer for their domain name:
- The certificate requirer creates a CSR and sets the common name to the domain name that is requiring the certificate, and a request is initiated using the Lego client and the CSR.
- The Lego client sends the request to the ACME Server.
- The ACME Server will reply with a payload with the content that must be used by the user to create a TXT DNS record to prove their ownership of the domain.
- The Lego client makes a request towards the DNS agent to create a TXT DNS record.
- The DNS agent will create the TXT record.
- The DNS agent confirms the creation of the record through the status code.
- The ACME Client tells the ACME Server that the record is in place for the DSN-01 challenge.
- The ACME Server will validate the creation of the record.
- If the validation of the TXT record was successful, the server will issue the certificate towards the client.
- The client delivers the certificate to the requirer.