Any way to do an automated renewal when port 80 is blocked by ISP and DNS server has no API?


#1

Is there any way to do an automated renewal for a self-hosted site when the ISP blocks port 80, and my DNS provider does not offer an API? I am able to successfully renew by using my DNS provider’s web interface to manually create the TXT records, but that is a nuisance I would prefer to avoid if possible.

I am willing to install a DNS server onto my system for use with a CNAME redirect, if someone can direct me to a tutorial on how to do so. I have tried setting it up myself, but cannot seem to get the DNS server accessible from outside my local LAN (I have forwarded port 53 on my router, and allowed it through my firewall) - I suspect my ISP is blocking that port also, but cannot find any documentation to confirm it, and am new enough to DNS stuff that I may well have misconfigured something.

I am not willing to pay for an alternate DNS provider, nor am I willing to pay for a dedicated web-hosting service. I would definitely be willing to consider a free service, as long as it can be used in conjunction with my existing setup.

My DNS provider is: Google Domains (note: this is different from Google Cloud DNS, which does have an API)

My domain is: shadowspassing.com

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): Windows 10 Pro

My hosting provider, if applicable, is: None - I am self-hosting.

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Hi @Shadowpheonix,

You could set a CNAME record to point _acme-challenge to an external DNS provider that does offer an API. An example that’s often been recommended here is CloudFlare’s DNS, which is free of charge.
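To make the delegation concrete, here is an added example (not code from this thread or from any ACME client) that simulates what a CA's validator does for the DNS-01 challenge: it follows the `_acme-challenge` CNAME into the API-capable zone and reads the TXT record there, and it computes the TXT value per RFC 8555 section 8.4. The zone names and key authorization are constructed placeholders.

```python
import base64
import hashlib

# Constructed zone data standing in for two providers: the registrar zone
# (no API; only a static CNAME lives there) and the API-capable zone that the
# ACME client updates at every renewal. Names are placeholders, not real records.
ZONES = {
    "_acme-challenge.example.com.": {"CNAME": "example-com.acme.example.net."},
    "example-com.acme.example.net.": {"TXT": []},
}


def dns01_txt_value(key_authorization: str) -> str:
    """RFC 8555 s.8.4: base64url(SHA-256(keyAuthorization)) without '=' padding."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def resolve_txt(name: str, zones: dict, max_hops: int = 8):
    """Follow CNAMEs the way a validating resolver does; return (final name, TXT list).

    A CNAME loop or an over-long chain raises instead of looping forever.
    """
    seen = []
    while len(seen) < max_hops:
        if name in seen:
            raise ValueError("CNAME loop: " + " -> ".join(seen + [name]))
        seen.append(name)
        rrset = zones.get(name, {})
        if "CNAME" in rrset:
            name = rrset["CNAME"]
            continue
        return name, list(rrset.get("TXT", []))
    raise ValueError("too many CNAME hops")


def publish_and_validate(zones: dict, key_authorization: str, domain: str) -> bool:
    """Client side: write the TXT record only at the delegated (API-capable) name.

    CA side: start from _acme-challenge.<domain>, follow the CNAME, compare TXT.
    """
    expected = dns01_txt_value(key_authorization)
    challenge_name = "_acme-challenge." + domain + "."
    target, _ = resolve_txt(challenge_name, zones)
    zones[target]["TXT"] = [expected]          # the registrar zone is never touched
    _, published = resolve_txt(challenge_name, zones)
    return expected in published


if __name__ == "__main__":
    print(publish_and_validate(ZONES, "token.thumbprint", "example.com"))  # True
```

The same loop-following logic also shows why acme-dns works: it is just a different API-capable zone on the right-hand side of the CNAME.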


#3

Extending @schoen’s response:

You could take a look at https://github.com/joohoi/acme-dns, which could be easier to achieve without the need to switch DNS providers :smile:

Thank you


#4

But @Shadowpheonix said:

If so, that would preclude the use of acme-dns on that machine.


#5

I think he means he tried to set up his own (binding) DNS server at home…

Isn’t ACME-DNS pushing TXT records to the acme-dns records, with the local _acme-challenge record CNAMEd to them?

Which means it could be working.

P.S. he’s using Google Domains DNS, which has the CNAME choice…


#6

acme-dns is intended to be self-hosted, though I don’t think anything prevents anyone from using auth.acme-dns.io.

A third option would be to simply move all DNS hosting to Cloudflare.
