Today I used a script (dl.eff.org/certbot-auto) to install a wildcard certificate on my Raspberry Pi and that went without problems.
Unfortunately, from what I’ve read I have to manually recreate the TXT record for verification with every renewal, something I would like to be done automatically with a script.
Since I have API access, I wrote a PHP script that uses CMD_API_DNS_CONTROL to add a TXT DNS record using values entered in the URL of the PHP script.
Unfortunately I have yet to figure out how to delete old TXT records that way. Apparently adding a TXT record with the same name doesn’t overwrite the old one, and the delete examples I found were written for other types of records; I can’t get those to work…
Plus, how can I get the certbot-auto script to call the PHP script? --help doesn’t show the options --manual-auth-hook and --manual-cleanup-hook; if those can’t be used, then what?
Since the dry run of certbot-auto ends successfully, it looks like I’ve got 1 PHP and 2 Bash scripts working perfectly to do an automatic renewal.
There’s one thing I’m wondering about though. Is the name of the TXT record always _acme-challenge.mydomainname.com, and it’s just the value that’s different? I couldn’t find a variable with the TXT record’s name in it, just the value, so I hardcoded the name.
Yep, _acme-challenge is hard-coded in the ACME draft.
The only variation is that if you requested a certificate for www.example.org, then the validation record would be for _acme-challenge.www.example.org rather than just _acme-challenge.example.org.
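The naming rule above, as an added example that is not part of the thread or of the poster’s scripts: one POSIX shell hook file that serves as both `--manual-auth-hook` and `--manual-cleanup-hook`, deriving the record name from the `CERTBOT_DOMAIN` variable certbot exports (alongside `CERTBOT_VALIDATION`) instead of hard-coding it, and deleting in cleanup exactly the record it added. The endpoint URL `DNS_API` and its `action`/`name`/`value` query parameters are assumptions about the poster’s PHP script.

```shell
#!/bin/sh
# Added example, not the poster's own scripts: one hook file serving as both
# --manual-auth-hook and --manual-cleanup-hook. certbot exports CERTBOT_DOMAIN
# and CERTBOT_VALIDATION to both hooks, so the record name is derived rather
# than hard-coded. The PHP endpoint URL and its query parameters are assumed.
set -eu

DNS_API="${DNS_API:-https://dns.example.internal/acme-txt.php}"   # assumed endpoint
PROPAGATION_SECONDS="${PROPAGATION_SECONDS:-30}"

# DNS-01 record name: "_acme-challenge." prefixed to the validated domain.
# A leading "*." is stripped defensively; the record for *.example.com lives
# at _acme-challenge.example.com, the same name as for the bare domain.
acme_record_name() {
    domain=$1
    domain=${domain#\*.}
    printf '_acme-challenge.%s\n' "$domain"
}

# Build the URL for the assumed endpoint. The validation token is base64url
# (A-Z a-z 0-9 - _), so it needs no extra URL encoding.
build_request() {   # args: add|delete  domain  value
    printf '%s?action=%s&name=%s&value=%s\n' \
        "$DNS_API" "$1" "$(acme_record_name "$2")" "$3"
}

main() {
    : "${CERTBOT_DOMAIN:?set by certbot}" "${CERTBOT_VALIDATION:?set by certbot}"
    case "${1:-auth}" in
        auth)
            curl -fsS "$(build_request add "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION")"
            sleep "$PROPAGATION_SECONDS"   # give the new record time to propagate
            ;;
        cleanup)
            # Delete only the record this run created, so stale tokens do not
            # accumulate and the next renewal sees a single current value.
            curl -fsS "$(build_request delete "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION")"
            ;;
        *)
            echo "usage: $0 auth|cleanup" >&2
            return 2
            ;;
    esac
}

# certbot sets CERTBOT_DOMAIN for every hook run; without it only the functions load.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    main "$@"
fi
```

Wire it up with `--manual-auth-hook "/path/to/hook.sh auth" --manual-cleanup-hook "/path/to/hook.sh cleanup"`; certbot runs hook strings through the shell, so the mode argument is passed along.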
I’m only interested in *.mydomainname.com; for www.mydomainname.com I currently don’t have to do anything because there’s already a Let’s Encrypt certificate on the webserver at the hosting provider. The wildcard certificate is only being used within my network.