I have a central LE location for all my primary virtual machines and different public servers hosted with Google Cloud Platform. Is it possible to generate the cert without the public IP and copy it to the Google Cloud Platform?
We can’t give much specific information without knowing more about your setup, such as your domains, DNS service, OS, and if you’ve chosen to use a particular ACME client.
For example, Certbot has a Google Cloud DNS plugin now, but it’s not yet easy to install on all platforms.
I set up the web server part a few years ago. I just struggled with machines not hosted on the same network, in this case Google Cloud Platform. But it is sorted now. I followed the instructions and created the TXT entry. Working like a charm now!
Oh no, that is not good. In that case: I use Certbot on CentOS 7, and the DNS provider is cPanel based. Can you point me in the right direction documentation-wise for a permanent automation setup?
I don’t think that the cPanel Let’s Encrypt client supports wildcard certificates, but I think @_az has written one that does.
You can create a CNAME record like _acme-challenge.example.com IN CNAME _acme-challenge.otherdomain.net and then use, for example, the DNS alias mode in acme.sh in order to use the otherdomain.net API instead of the example.com API. The CNAME record itself can be static and doesn’t need to be updated for renewals; only the resource that it points to needs to be updated, and the CA will follow the CNAME for this purpose.
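As an added illustration of the CNAME-alias flow described above (this is not code from the thread, from acme.sh or from Certbot), here is a small Python model of both sides: the hook publishes the DNS-01 TXT record in the aliased zone, and the CA-side lookup follows the static CNAME before comparing the value. The zone contents and the key authorization `token.thumbprint` are constructed stand-ins, not real records.

```python
import base64
import hashlib

MAX_CNAME_HOPS = 8  # cap chain length so a misconfigured loop cannot hang the resolver


def dns01_value(key_authorization: str) -> str:
    """RFC 8555 section 8.4: TXT payload is base64url(SHA-256(keyAuthorization)), unpadded."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def make_zone() -> dict:
    """Constructed stand-in for public DNS: example.com only holds the static CNAME."""
    return {
        "_acme-challenge.example.com.": {"CNAME": ["_acme-challenge.otherdomain.net."]},
        "_acme-challenge.otherdomain.net.": {"TXT": []},
    }


def resolve_txt(zone: dict, name: str, hops: int = 0) -> list:
    """Look up TXT at name, following CNAMEs the way a validating CA does."""
    if hops > MAX_CNAME_HOPS:
        raise ValueError("CNAME chain too long or looping")
    rrsets = zone.get(name.lower().rstrip(".") + ".", {})
    if "CNAME" in rrsets:
        return resolve_txt(zone, rrsets["CNAME"][0], hops + 1)
    return list(rrsets.get("TXT", []))


def provision(zone: dict, alias_target: str, key_authorization: str) -> None:
    """Auth-hook side: publish the challenge TXT in the aliased zone only."""
    rrsets = zone.setdefault(alias_target, {})
    rrsets.setdefault("TXT", []).append(dns01_value(key_authorization))


def validate(zone: dict, domain: str, key_authorization: str) -> bool:
    """CA side: query _acme-challenge.<domain>, follow the CNAME, compare the TXT."""
    return dns01_value(key_authorization) in resolve_txt(zone, f"_acme-challenge.{domain}")


if __name__ == "__main__":
    zone = make_zone()
    # "token.thumbprint" is a constructed key authorization, not a real ACME value.
    provision(zone, "_acme-challenge.otherdomain.net.", "token.thumbprint")
    print(validate(zone, "example.com", "token.thumbprint"))  # True
```

Note that renewals only ever call `provision` against the otherdomain.net side; the example.com CNAME is never rewritten.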
Indeed it does, but I get the feeling that @RiaanPre doesn't actually need a cPanel Let's Encrypt client, just a way to perform DNS validation against a domain with its DNS hosted on cPanel.
To that end, I've created a simple auth hook that can be used with Certbot to achieve this in an automated manner:
Seems like it's needed often enough that I may as well create it