Certbot DNS Question

I am utilizing a Linuxserver.io SWAG containter to obtain LetsEncrypt certificates for services that I host from home. I have been using the HTTP method for authentication, however my ISP recently changed and appears to be blocking port 80. I know that I can utilize the DNS method for authentication, but I utilize Dreamhost as my DNS provider and registrar. I would rather not have to move my DNS business to a different provider (cloudflare or other) and would rather stay with what I have. I know that Dreamhost provides Let's Encrypt certificates for sites that they host and they have an API capable of editing DNS etries, but I do not believe that there is a Certbot plugin for DNS authentication. What are my options here? Is this something that could be added?


Welcome to the community @prytzen

One option is to use the acme.sh ACME client instead. It has Dreamhost DNS API support. See HERE

I cannot vouch for it as I have no experience with that DNS system.

If licensing allows, you could try copying that DNS API script and use in certbot auth hook. See the certbot doc for that.


I did find the acme.sh script for dreamhost, but thought that this was different than the certbot application (or just another way to get certificates automatically generated). Im not seeing how to invoke acme.sh from Certbot however.


acme.sh is a different ACME client than Certbot. You use it instead of certbot.

But, if you just take the Dreamhost script you can try the certbot --manual method using the --manual-auth-hook. See docs HERE


It shouldn't be too hard to modify the open source DNS API plugin script from acme.sh so it can work as a --manual-auth-hook script in Certbot. Instead of the variables $1 and $2 within the script, the script could be modified to use the environment variables provided by Certbot. And a part should be added to call the appropriate functions.

Or just copy/paste the code used in the script itself into the two separate auth hook scripts (one to add and one to remove the TXT value). Seems to be very simple enough :stuck_out_tongue:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.