caddy-dns-technitium

A Caddy DNS provider plugin for Technitium DNS Server using the HTTP API. No TSIG keys required.


Prerequisites

  • Technitium DNS Server ≥ 8.x (API token support)
  • xcaddy for building Caddy with the plugin

Getting an API Token

  1. Open the Technitium web UI > Settings > API.
  2. Create a new token (or use the one shown after login).
  3. Copy the token string into your api_token setting.

Note: You do not need TSIG or DDNS setup. This plugin speaks only to the Technitium HTTP API.


Building Caddy with this Plugin

xcaddy build \
  --with github.com/spaaleks/caddy-dns-technitium

Or using a local checkout during development:

xcaddy build \
  --with github.com/spaaleks/caddy-dns-technitium=./caddy-dns-technitium

Caddyfile Configuration

{
  acme_dns technitium {
    server_url  http://your-technitium-server:5380
    api_token   YOUR_API_TOKEN_HERE
    # stale_record_timeout 15m  # optional, default 15m, set to 0 to disable
  }
}

example.com {
  tls {
    dns technitium {
      server_url  http://your-technitium-server:5380
      api_token   YOUR_API_TOKEN_HERE
      # stale_record_timeout 15m
    }
  }
  respond "Hello, HTTPS!"
}

JSON Config (Caddy API)

{
    "apps": {
        "tls": {
            "automation": {
                "policies": [
                    {
                        "subjects": ["example.com"],
                        "issuers": [
                            {
                                "module": "acme",
                                "challenges": {
                                    "dns": {
                                        "provider": {
                                            "name": "technitium",
                                            "server_url": "http://your-technitium-server:5380",
                                            "api_token": "YOUR_API_TOKEN_HERE"
                                        }
                                    }
                                }
                            }
                        ]
                    }
                ]
            }
        }
    }
}

Environment Variables (recommended for secrets)

Instead of hardcoding the token, use Caddy's environment variable substitution:

{
  acme_dns technitium {
    server_url {$TECHNITIUM_URL}
    api_token  {$TECHNITIUM_TOKEN}
  }
}

Then run Caddy with:

export TECHNITIUM_URL=http://dns.internal:5380
export TECHNITIUM_TOKEN=your-api-token
caddy run --config Caddyfile

Supported Record Types

Type     Supported
TXT      ✅ (primary — used for DNS-01 challenge)
A
AAAA
CNAME
MX
NS

How It Works

  1. Caddy requests a TLS certificate and starts an ACME DNS-01 challenge.
  2. This plugin calls POST /api/zones/records/add on your Technitium server with the _acme-challenge.<domain> TXT record.
  3. After ACME verification, the plugin calls POST /api/zones/records/delete to clean up.

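All requests are authenticated with ?token=<api_token> as a query parameter, as required by the Technitium HTTP API. Because the token is part of the URL, it can be recorded in access logs on the server and on any intermediary, and with an http:// server_url it crosses the network unencrypted.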


Running Tests

Unit tests (mocked, no server needed):

go test -v ./...

Integration tests (requires a running Technitium instance):

docker compose -f test/docker-compose.yml up -d technitium
go test -v -tags integration ./...
docker compose -f test/docker-compose.yml down -v

Recommended: Technitium API Proxy

If you expose your Technitium DNS server to Caddy over a network, consider using technitium-api-proxy — a security proxy that adds fine-grained access control to the Technitium HTTP API.

Instead of giving Caddy a full-access API token, the proxy lets you:

  • Restrict tokens to specific zones and subdomains (e.g. only _acme-challenge.*.example.com)
  • Limit allowed operations (e.g. only add/delete, no zone management)
  • Filter by record type (e.g. only TXT records for ACME challenges)

{
  acme_dns technitium {
    server_url http://your-proxy-host:31399
    api_token  YOUR_RESTRICTED_TOKEN
  }
}
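
The three restrictions listed above amount to one allow-list check per request. The following Go program is an added example, not code from technitium-api-proxy or from this plugin; the Policy type and the "domain" and "type" query parameter names are assumptions, and it accepts the challenge name at the zone apex as well as under subdomains.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Policy is a hypothetical per-token allow-list (not the proxy's config format).
type Policy struct {
	Zone  string          // zone the token may touch, e.g. "example.com"
	Paths map[string]bool // permitted API paths (operations)
	Types map[string]bool // permitted record types
}

// Check returns nil if the request is within policy, else the reason it is refused.
// Assumption: the record name and type arrive as "domain" and "type" query parameters.
func (p Policy) Check(u *url.URL) error {
	if !p.Paths[u.Path] {
		return fmt.Errorf("operation %q not allowed", u.Path)
	}
	q := u.Query()
	if t := strings.ToUpper(q.Get("type")); !p.Types[t] {
		return fmt.Errorf("record type %q not allowed", t)
	}
	name := strings.ToLower(strings.TrimSuffix(q.Get("domain"), "."))
	zone := strings.ToLower(p.Zone)
	rest := strings.TrimPrefix(name, "_acme-challenge.")
	// Match on a label boundary so "evilexample.com" does not pass for "example.com".
	if rest == name || (rest != zone && !strings.HasSuffix(rest, "."+zone)) {
		return fmt.Errorf("name %q is not an ACME challenge name in %s", name, zone)
	}
	return nil
}

func main() {
	p := Policy{Zone: "example.com",
		Paths: map[string]bool{"/api/zones/records/add": true, "/api/zones/records/delete": true},
		Types: map[string]bool{"TXT": true}}
	// Constructed sample requests: the first is in policy, the others must be refused.
	for _, raw := range []string{
		"/api/zones/records/add?domain=_acme-challenge.www.example.com&type=TXT",
		"/api/zones/records/add?domain=www.example.com&type=A",
		"/api/zones/records/add?domain=_acme-challenge.evilexample.com&type=TXT",
	} {
		u, _ := url.Parse(raw)
		fmt.Println(raw, "->", p.Check(u))
	}
}
```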

Troubleshooting

Problem                  Solution
invalid token error      Check your API token in Technitium Settings → API
zone not found           Ensure the zone exists in Technitium before requesting a cert
Plugin not recognized    Rebuild Caddy with xcaddy including this module
Timeout errors           Check server_url is reachable from the Caddy host

License

MIT
