Two more options:
- Pick an ACME client which submits challenges one-by-one. lego is one that does this, and supports freemyip.com.
- You can actually mix challenge types in Certbot's manual authenticator. If your webserver is accessible from the internet, you can get Certbot to use the HTTP challenge for the base domain, and the DNS API for the wildcard. I had a go at writing such a hook below; it seems to work fine and should work fine for automatic renewal as well.
You can call it with:

```bash
certbot certonly --preferred-challenges http,dns --manual \
  --manual-auth-hook "/path/to/freemyip.sh auth" \
  --manual-cleanup-hook "/path/to/freemyip.sh cleanup" \
  -d certbot-test.freemyip.com -d "*.certbot-test.freemyip.com"
```
Make sure to `chmod +x` the script. The contents are below; you'll need to modify the token and the webroot of your domain:
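```bash
#!/usr/bin/env bash

# Secret: anyone holding this token can update the domain's records.
FREEMYIP_TOKEN="your-freemyip-token"
WEBROOT_DIRECTORY="/path/where/your/website/files/are"

auth() {
  shift
  # Certbot sets CERTBOT_TOKEN only for HTTP-01 challenges.
  if [[ -v CERTBOT_TOKEN ]]; then
    # HTTP-01: publish the validation string under the webroot.
    mkdir -p "$WEBROOT_DIRECTORY/.well-known/acme-challenge/"
    echo "$CERTBOT_VALIDATION" > "$WEBROOT_DIRECTORY/.well-known/acme-challenge/$CERTBOT_TOKEN"
  else
    # DNS-01: set the _acme-challenge TXT record through the freemyip.com API.
    curl -s "https://freemyip.com/update?token=$FREEMYIP_TOKEN&domain=_acme-challenge.$CERTBOT_DOMAIN&txt=$CERTBOT_VALIDATION"
    # Wait before Certbot asks the CA to validate the record.
    sleep 60
  fi
}

cleanup() {
  shift
  if [[ -v CERTBOT_TOKEN ]]; then
    # HTTP-01: remove the challenge file.
    rm -f "$WEBROOT_DIRECTORY/.well-known/acme-challenge/$CERTBOT_TOKEN" || true
  else
    # DNS-01: clear the TXT record.
    curl -s "https://freemyip.com/update?token=$FREEMYIP_TOKEN&domain=_acme-challenge.$CERTBOT_DOMAIN&txt="
  fi
}

# Dispatch on the first argument ("auth" or "cleanup"); default to auth.
declare -A COMMANDS=(
  [auth]=auth
  [cleanup]=cleanup
)

"${COMMANDS[${1:-auth}]:-${COMMANDS[auth]}}" "$@"
```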
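
The hook above uses `CERTBOT_TOKEN` as a file name and puts `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` into a URL. As an added example (not part of the original post), the functions below check those variables against the base64url alphabet that RFC 8555 requires for tokens before anything is written or sent. The function names are hypothetical, the sample values are constructed, and a non-empty test stands in for the script's `[[ -v ]]`.

```sh
#!/bin/sh
# Added example: validate what Certbot hands a manual hook before using it.
# Function names are hypothetical; sample values at the bottom are constructed.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Succeeds only for a non-empty string of base64url characters.
is_b64url() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Succeeds only for a plain hostname: no '/', '&', leading dot/hyphen or '..'.
is_hostname() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;;
    esac
    return 0
}

# Prints "http <path under webroot>" or "dns <TXT record name>"; returns 1
# (printing nothing on stdout) if any variable looks wrong.
plan_challenge() {
    is_hostname "${CERTBOT_DOMAIN:-}" || { echo "bad CERTBOT_DOMAIN" >&2; return 1; }
    if [ -n "${CERTBOT_TOKEN:-}" ]; then
        # HTTP-01: the token becomes a file name, so it must not contain '/' or '.'
        is_b64url "$CERTBOT_TOKEN" || { echo "bad CERTBOT_TOKEN" >&2; return 1; }
        # The file body must be "<token>.<account key thumbprint>"
        case "${CERTBOT_VALIDATION:-}" in
            "$CERTBOT_TOKEN".*) is_b64url "${CERTBOT_VALIDATION#*.}" ;;
            *) false ;;
        esac || { echo "bad CERTBOT_VALIDATION" >&2; return 1; }
        echo "http .well-known/acme-challenge/$CERTBOT_TOKEN"
    else
        # DNS-01: the value goes into a query string, so '&', '=' and spaces must be absent
        is_b64url "${CERTBOT_VALIDATION:-}" || { echo "bad CERTBOT_VALIDATION" >&2; return 1; }
        echo "dns _acme-challenge.$CERTBOT_DOMAIN"
    fi
}

# Constructed values, run in a subshell so they do not leak into the caller.
( CERTBOT_DOMAIN=certbot-test.freemyip.com
  CERTBOT_TOKEN=tok_EN-123
  CERTBOT_VALIDATION=tok_EN-123.thumb_PRINT-456
  plan_challenge )
```

A hook would call `plan_challenge` first and exit non-zero when it fails, before creating the challenge file or calling the DNS API.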