From 7c099f5843f5878834170cb43debd6f74003d467 Mon Sep 17 00:00:00 2001
From: Brian Cunnie
Date: Sat, 16 Jan 2021 11:48:02 -0800
Subject: [PATCH] Docs: procuring a wildcard certificate (beta)

The docs are correct, but the code isn't yet ready.
---
 docs/wildcard.md | 21 +++++----------------
 1 file changed, 5 insertions(+), 16 deletions(-)

diff --git a/docs/wildcard.md b/docs/wildcard.md
index 323b76a..0f35dfa 100644
--- a/docs/wildcard.md
+++ b/docs/wildcard.md
@@ -21,11 +21,11 @@ export NAT_IP=$(gcloud compute instances list --filter="name=('sslip')" --format
 jq -r '.[0].networkInterfaces[0].accessConfigs[0].natIP')
 echo $NAT_IP
 # get the fully-qualified domain name, e.g. 35-199-174-9.sslip.io
-export FQDN=${IP//./-}.sslip.io
+export FQDN=${NAT_IP//./-}.sslip.io
 echo $FQDN
 # set IP & FQDN on the VM because we'll need them later
 gcloud compute ssh --command="echo export FQDN=$FQDN IP=$IP >> ~/.bashrc" --zone=us-west1-a sslip
- # create the rules to allow SSH, DNS, HTTP(S) inbound
+ # create the rules to allow DNS (and ICMP/ping) inbound
 gcloud compute firewall-rules create sslip-io-allow-dns \
 --allow udp:53,icmp \
 --network=default \
@@ -37,8 +37,6 @@ sudo apt update && sudo apt upgrade -y && sudo apt install -y docker.io jq
 # add us to the docker group
 sudo addgroup $USER docker
 newgrp docker
- # Let's install the DNS/HTTP Docker image
-docker pull cunnie/wildcard-dns-http-server
 # Create the necessary directories
 mkdir -p tls/
 # disable systemd-resolved to fix "Error starting userland proxy: listen tcp 0.0.0.0:53: bind: address already in use."
@@ -51,21 +49,12 @@ docker run -it --rm --name wildcard \
 -p 53:53/udp \
 -p 80:80 \
 cunnie/wildcard-dns-http-server &
- # sanity check; response should be "35-199-174-9.sslip.io." and "35.199.174.9"
-dig +short ns $FQDN @localhost
-dig +short $FQDN @localhost
- # Set up the acme.sh Let's Encrypt variables
-curl -s -X POST http://$FQDN/register > /tmp/acme-dns.json
+dig +short TXT does.not.matter.example.com @localhost
+ # You should see `"Set this TXT record ..."`
 export ACMEDNS_UPDATE_URL="http://localhost/update"
-# export ACMEDNS_USERNAME=$(jq -r .username /tmp/acme-dns.json)
-# export ACMEDNS_PASSWORD=$(jq -r .password /tmp/acme-dns.json)
-# export ACMEDNS_SUBDOMAIN=$(jq -r .subdomain /tmp/acme-dns.json)
 docker run --rm -it \
 -v $PWD/tls:/acme.sh \
 -e ACMEDNS_UPDATE_URL \
- -e ACMEDNS_USERNAME \
- -e ACMEDNS_PASSWORD \
- -e ACMEDNS_SUBDOMAIN \
 --net=host \
 neilpang/acme.sh \
 --issue \
@@ -80,4 +69,4 @@ Clean-up:
 ```
 gcloud compute firewall-rules delete sslip-io-allow-dns
 gcloud compute instances delete sslip
-```
+```
\ No newline at end of file