Certify the web auto-renew


#1

Hi,

I am using Certify the web for my IIS sites. It is set to auto renew the certificate. I generated the certificates using the DNS-01 challenge. Do I need to create a new TXT entry in my hosting every time the certificate is due to renew?


#2

Hi @AngryDog

yes. If you want to get a new certificate, a new token is created. So the ACME-client must compute a new value (token + computed value of the account key -> computing -> value as TXT entry).

So without an API of your DNS-provider it’s painful.


#3

Hi Juergen,

Thanks for your reply and shattering my dreams :smiley: I’d been told elsewhere that it wouldn’t be a problem, but this is going to become one as we have quite a few websites. I do not think our DNS provider has an API that we can use either. We have deployed Let’s Encrypt certs to all of our sites already so this is going to be fun…


#4

You did the all DNS TXT records manually?

If your DNS provider doesn’t have an API, do you have access to any other DNS system (that can be used with an API)? Can you stand up your own DNS server that can be reached by the Internet?

[even a separate Windows DNS system can work for this - even a RaspberryPi can work for this!]
[you don’t need to change your DNS provider - you can simply CNAME the ACME challenge TXT record entries]


closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.