This is Sunil from Deloitte, seeking your support on automating the process of renewing the Lets Encrypt certs in our environment.
Here is the quick background of our current setup which we are using to generate and renew the Let's Encrypt certs.
The current setup which we have is in GCP, where we are generating txt records using certbot for each domain and updating it manually on DNS for domain validation.
Public ip mapped to domains are GCP Loadbalncer public IP's, so we cant validate the domains using public IP(on on-prem it was done through HA proxy), also we don't have access to LB's as it managed by CSP.
3.DNS servers are hosted on windows name servers, which are still on on-premises and managed by client network team.
I know there are API's which supports automating this process, if the DNS providers are third party vendors like cloud DNS, Route 53 or GoDaddy etc...
It is very tedious task to update the txt record manually all the time while generating and renewing the certs.
Considering the above situation, is there any way where we can automate the cert generation and renewal process?
Please let us know the steps if we can achieve this.
Hi @Sunil2, welcome to the LE community forum, and Happy New Year!
Given that you are using Windows DNS [for authoritative zone], I would have you consider obtaining the certs via a Windows client [or any client] that can integrate with them directly.
If you are not too concerned with where the certs are being obtained, and renewed, the simplest solution to that [IMHO] is to use a native Windows client on one of those Windows DNS servers.
Thanks @rg305, we can't use Windows DNS servers as we don't have access to them, can you please suggest me any specific client which we can try to integrate.
