[GH-ISSUE #341] Add server_url to JSON storage file #189

Open
opened 2026-03-13 16:05:32 +03:00 by kerem · 1 comment

Originally created by @robalexdev on GitHub (May 28, 2023).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/341

I noticed that the [libdns/acme-dns](https://github.com/libdns/acmedns) provider expects a [`server_url` field](https://github.com/libdns/acmedns/blob/c6aef518f41a8f2898c277a11e9b54106fa41006/provider.go#L16) to be defined in the JSON storage file. The acme-dns server doesn't set the `server_url` field in the JSON returned by the `/register` endpoint.

It would be helpful for the register API to include `server_url` to make these JSON blobs compatible. Currently, software like Caddy, which uses the libdns/acme-dns provider, will error out when this is missing (`ServerURL cannot be empty`). Other software defaults to `https://auth.acme-dns.io`, which could accidentally leak information intended for a self-hosted installation to that endpoint.

Can acme-dns add the server's `domain` as a new `server_url` field? Including the server's URL directly with the username/password in the JSON storage file would make it more self-contained.


@maddes-b commented on GitHub (Sep 21, 2024):

The client called the API via a URL that is unknown to the acme-dns server.
So acme-dns cannot return the URL the client used.
There can be multiple ways to reach a single acme-dns instance (internal, external) with proxies and load balancers (e.g. nginx, Kubernetes, etc.) before acme-dns. It all depends on the setup by the server admin, which is out of reach of acme-dns.

Solution: Client must know the URL to register, then the client should store the server URL for updates.

See https://github.com/maddes-b/acme-dns-client-2 or https://github.com/acme-dns/acme-dns-client

Please close the issue when solved.
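
The client-side approach described in this thread, as an added example (not code from acme-dns, libdns/acmedns or either linked client): the client merges the `/register` response with the base URL it registered against, and refuses to load a record that lacks `server_url` instead of falling back to a public default. The `Account` type, both function names, the single-record file layout and all sample values are assumptions; field names other than `server_url` follow the acme-dns `/register` response.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// Account is one stored record; ServerURL is added by the client, not the server.
type Account struct {
	Username   string `json:"username"`
	Password   string `json:"password"`
	FullDomain string `json:"fulldomain"`
	Subdomain  string `json:"subdomain"`
	ServerURL  string `json:"server_url"`
}

// StoreRegistration merges a /register body with the base URL the client used.
func StoreRegistration(registerBody []byte, baseURL string) ([]byte, error) {
	u, err := url.Parse(baseURL)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return nil, fmt.Errorf("server URL %q is not absolute", baseURL)
	}
	var acct Account
	if err := json.Unmarshal(registerBody, &acct); err != nil {
		return nil, err
	}
	acct.ServerURL = strings.TrimRight(baseURL, "/")
	return json.Marshal(acct)
}

// LoadAccount fails closed when server_url is absent: no default endpoint.
func LoadAccount(stored []byte) (Account, error) {
	var acct Account
	if err := json.Unmarshal(stored, &acct); err != nil {
		return acct, err
	}
	if acct.ServerURL == "" {
		return acct, fmt.Errorf("server_url missing; refusing to use a default server")
	}
	return acct, nil
}

func main() {
	body := []byte(`{"username":"u-example","password":"p-example","fulldomain":"abc.auth.example.org","subdomain":"abc"}`) // constructed sample
	out, err := StoreRegistration(body, "https://auth.example.org/")
	fmt.Println(string(out), err)
}
```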
