It’s slightly orthogonal to Let’s Encrypt as such, but the usefulness of automated updates for the DNS-01 challenge makes me think I could get some good feedback here. I have a few domains that I use for personal purposes. The domains are registered through, and DNS handled by, easydns.com. I’m happy with their service and pricing, but have recently learned that the API I understood they had was only a beta, and that beta is now closed. They say they’re working on a replacement, but no ETA.
I’m also coming up with some use cases that would make DNS validation more interesting to me than it has been up to this point, so that has me interested in looking at other DNS hosts. I really only need DNS hosting; I handle my own web/mail hosting, and I’m quite happy with easyDNS as a registrar. Who would you suggest?
Personally I’ve used a few different ones - I find cloudflare ( the free option, and I use DNS hosting only) works well - the API is easy to use and works well.
I’ve used route53 pretty happily. There’s a good Certbot plugin for it. And its API has one really important feature: it tells you when your updates have been pushed to all authoritative servers, so you know when things are ready to proceed.
I’m using https://www.cloudns.net (Personal Plan) and I’m pretty happy but as @serverco, I think Cloudflare is a really good option… and free, you will have all that you need and a lot of acme clients like certbot or acme.sh support cloudflare out of the box.
If you want to stick on your current provider, you could take a look to acme-dns, it is a simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges. The “problem” is that you should host it on your server but it is easy to implement… I’m planning to write a guide now that it supports adding two txt records per registration (needed to issue a certificate covering domain.tld and *.domain.tld).
Thanks for all the suggestions. I think I’ll give Cloudflare a try–the price is right, and it looks like it’s supported by pfSense’s implementation of acme.sh as well, which was one of the places I was wanting to use it. But acme-dns sounds intriguing as well; I’ll have to take a look at it.
Signed up for Cloudflare yesterday and migrated my DNS records over there. Installed acme.sh on a few of my internal servers and it was able to issue without difficulty, which is just what I was hoping for–now I can get rid of some of the public DNS records that don’t serve any other purpose. Thanks again for the feedback.
