Acme.sh, wildcard certificates and CNAME?

Hello all!
I have changed registrar for my domain and discovered that this new one offers neither an API interface nor the possibility to add an NS record.
On my previous registrar I used to have an NS record pointing to a server where I had an acme-dns process running, so I could easily use the acme.sh script to renew my wildcard certificate:
acme.sh --renew --server 'letsencrypt' --dns dns_acmedns -d '*.firstdomain.tld'
It was very easy (kind of) and very stable.

I also have another domain, on another registrar where I can have the NS record configured. Unfortunately, I cannot use this registrar for the first domain (it's missing some more important features).
While it's not a big deal to renew the wildcard certificate by hand, with the MANUAL challenge (it's just one or two scripts to launch every three months), I was wondering if it could be possible to use CNAME to revert to an automatic deploy.
I don't really understand how this works so I was thinking maybe someone can help me understand better.

Has someone already done something like this and would share a bit of knowledge?
I cannot find much on the net.

Thanks in advance.
Pigi_102

New registrar sounds unhinged. But: you can probably use a CNAME and acme-dns, yes.

2 Likes

Sounds like a poor decision--perhaps you could change again, either back to your previous registrar, or to another one that's less user-hostile?

3 Likes

Agree with my fellow volunteers suggesting a different registrar.

But if you can add a CNAME, see: DNS alias mode · acmesh-official/acme.sh Wiki · GitHub

3 Likes
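
As an added example (not part of any post in this thread, and not acme.sh code), a pre-flight check for the CNAME approach suggested above: it derives the DNS-01 name for the wildcard and follows the CNAMEs to confirm they end in a zone the DNS hook can update. The record set, `seconddomain.tld`, the `auth.` zone and the `d420c923` label are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample records in a simplified "name type value" form.
# Every name below is a placeholder, not a value from the thread.
RECORDS='_acme-challenge.firstdomain.tld. CNAME _acme-challenge.seconddomain.tld.
_acme-challenge.seconddomain.tld. CNAME d420c923.auth.seconddomain.tld.
www.firstdomain.tld. A 192.0.2.10'

# DNS-01 name for a certificate identifier: the "*." of a wildcard is dropped,
# so *.example.tld and example.tld are validated at the same TXT name.
challenge_name() {
    d=${1#\*.}
    printf '_acme-challenge.%s.\n' "${d%.}"
}

# Follow CNAMEs from name $1 through record set $2 and print the final name.
# Fails after 8 hops so a CNAME loop is reported instead of followed forever.
resolve_cname() {
    name=$1
    hops=0
    while [ "$hops" -lt 8 ]; do
        next=$(printf '%s\n' "$2" | awk -v n="$name" \
            'tolower($1) == tolower(n) && $2 == "CNAME" { print $3; exit }')
        [ -z "$next" ] && break
        name=$next
        hops=$((hops + 1))
    done
    if [ "$hops" -ge 8 ]; then return 1; fi
    printf '%s\n' "$name"
}

# Succeeds only if the challenge name for domain $1 is aliased (at least one
# CNAME) and the chain ends inside zone $2, given record set $3.
delegated_to() {
    start=$(challenge_name "$1")
    end=$(resolve_cname "$start" "$3") || return 1
    [ "$end" != "$start" ] || return 1
    case "$end" in
        *."${2%.}".) return 0 ;;
        *) return 1 ;;
    esac
}
```

Running `delegated_to '*.firstdomain.tld' auth.seconddomain.tld "$RECORDS"` before a renewal catches a missing or mistyped CNAME before the CA attempts validation.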

Thanks for comments.
I know I should change registrar but here in Italy if you own a farm you are required to have a PEC (that is, a certified e-mail). The government wants that.
PEC providers are few and certified by the government itself and you are required to use them.
To have a PEC with your company name (something like mycompany@pec.mycompany.it which, indeed, is very professional :wink:) the only way is to use a small part of them. One of them (the cheapest) is the one I use now.
The previous one was more free on the DNS configs, but it costs like 50 times more, and that for a small company like mine was too expensive, so I had to accept some compromises.
Now, back on track.
I have seen the DNS alias mode, and will do some tests.
Not sure I have fully understood how it works, but probably I'm starting to figure it out.
We will see....
Thanks

4 Likes