Change authorization type?


#1

Hi

How to change the way DNS authorization is done in the way of webroot-nginx authorizations?
I generated the certificate with this command:

certbot --server https://acme-v02.api.letsencrypt.org/directory -d 'example.tld' -d '*.example.tld' --config-dir /etc/letsencrypt --email user@example.tld --manual --preferred-challenges dns certonly --agree-tos

Unfortunately, the certificate generated in this way does not update automatically after expiration.

I would therefore change the DNS authorization to webroot Nginx.

When I tried to generate a certificate with webroot authorization,
I received a response from the server that only DNS authorization is possible for this domain.

How to do it exactly?

Cheers


#2

Hi @Jacekalex

you want a wildcard certificate. There is only dns-01 - validation possible.

So you can’t use nginx or webroot.

Check the dns-plugins. Or acme.sh - that has a lot of dns-support.

Moved to “Help”


#3

Check the dns-plugins. Or acme.sh - that has a lot of dns-support.

I currently store my domain on the freedns.42.pl DNS server.
I can also use DNS OVH servers, where I bought a domain.

What is the best way to update a wildcard certificate by the CRON command?

I have a VPS server with Debian Stretch, also CRON is not a problem, but in the letsencrypt configuration I would prefer to keep repositories of Debian or shell scripts.

My config:

# renew_before_expiry = 30 days
version = 0.25.1
archive_dir = /etc/letsencrypt/archive/example.tld
cert = /etc/letsencrypt/live/example.tld/cert.pem
privkey = /etc/letsencrypt/live/example.tld/privkey.pem
chain = /etc/letsencrypt/live/example.tld/chain.pem
fullchain = /etc/letsencrypt/live/example.tld/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = {account_code}
manual_public_ip_logging_ok = True
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = manual
installer = None
config_dir = /etc/letsencrypt

Cheers


#4

You have to check if your dns provider supports an API (= Application Programming Interface) and if Certbot or acme.sh has a plugin that supports this API.
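
For a provider that does expose an update interface, unattended renewal of a wildcard certificate comes down to a hook script that publishes and removes the dns-01 TXT record. The script below is an added example, not part of the thread or of Certbot itself; it assumes the zone accepts RFC 2136 dynamic updates through `nsupdate` with a TSIG key, and `DNS_SERVER`, `TSIG_KEYFILE` and the script name `hook.sh` are placeholders.

```shell
#!/bin/sh
# dns-01 hook for certbot's --manual-auth-hook / --manual-cleanup-hook.
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.
# Assumption: the zone accepts RFC 2136 updates signed with a TSIG key.
# DNS_SERVER and TSIG_KEYFILE are placeholders, not values from the thread.
DNS_SERVER="${DNS_SERVER:-ns1.example.tld}"
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/letsencrypt/tsig.key}"
TTL=60

# Print the challenge record name. "*.example.tld" and "example.tld" share
# one name, so a wildcard + apex certificate puts two TXT values there.
record_name() {
    d=$1
    case $d in '*.'*) d=${d#??} ;; esac
    case $d in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    printf '_acme-challenge.%s.\n' "$d"
}

# A dns-01 value is an unpadded base64url SHA-256 digest: 43 characters.
# Rejecting anything else keeps stray input out of the nsupdate batch.
valid_token() {
    [ "${#1}" -eq 43 ] || return 1
    case $1 in *[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Build the nsupdate batch. $1 = add|delete, $2 = domain, $3 = TXT value.
# "delete" names the exact value, so the sibling challenge record survives.
nsupdate_batch() {
    valid_token "$3" || return 1
    name=$(record_name "$2") || return 1
    printf 'server %s\n' "$DNS_SERVER"
    printf 'update %s %s %s TXT "%s"\n' "$1" "$name" "$TTL" "$3"
    printf 'send\n'
}

# Entry point: "hook.sh auth" or "hook.sh cleanup"; no argument does nothing.
case "${1:-}" in
    auth)
        batch=$(nsupdate_batch add "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION") || exit 1
        printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEYFILE" || exit 1
        sleep 30 ;;   # give secondary name servers time to pick up the record
    cleanup)
        batch=$(nsupdate_batch delete "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION") || exit 1
        printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEYFILE" ;;
esac
```

Passing `--manual-auth-hook '/path/to/hook.sh auth'` and `--manual-cleanup-hook '/path/to/hook.sh cleanup'` when the certificate is issued stores the hooks in the renewal configuration, so a `certbot renew` run from cron can reuse them. Keep the TSIG key file readable by root only, since it can rewrite records in the zone.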

