DNS plugin help required


#1

Hi, we are trying to install a wildcard certificate on our Ubuntu 16.0.4 LTS server with apache2. We have checked the certbot site and found the following command:

$ sudo certbot -a dns-plugin -i apache -d "*.example.com" -d example.com --server https://acme-v02.api.letsencrypt.org/directory

We need to understand which DNS plugin we should use, because we have our own DNS server.


#2

If your server is BIND or any other server that supports RFC2136 (Dynamic DNS Updates), you can use the Certbot plugin of the same name - https://certbot-dns-rfc2136.readthedocs.io/en/latest/


#3

Yes, we do use BIND. Is it necessary to use a DNS plugin for a wildcard certificate? Is there any other way, like the HTTP challenge?


#4

Yes, it’s required - Let’s Encrypt requires the DNS challenge to be used for wildcard names.


#5

Is there any manual method for DNS challenge checking? Because we maintain our own DNS server, we can add manual entries for the required challenge. Is there any manual way?


#6

Yes, you can do it manually.

But keep in mind that you would have to manually repeat the process every 60-90 days, since the authorization has a “freshness” requirement.

certbot -i apache -a manual -d "*.example.org" --preferred-challenges dns
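
For the manual method above, a pre-flight check as an added example (not code from any post in this thread or from Certbot). It assumes you copy the TXT values Certbot prints and capture `dig +short TXT` output from your authoritative BIND server; the key authorizations and dig output below are constructed. It shows that `*.example.com` and `example.com` are both validated at `_acme-challenge.example.com`, so both TXT values must be published side by side.

```python
import base64
import hashlib
from collections import defaultdict

def validation_name(identifier):
    """Record name for DNS-01 (RFC 8555 section 8.4). A wildcard is
    validated at its base domain, so the leading "*." is dropped."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower() + "."

def txt_value(key_authorization):
    """TXT content: unpadded base64url of SHA-256(key authorization)."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def expected_rrsets(challenges):
    """Group (identifier, TXT value) pairs by the name they must live at."""
    rrsets = defaultdict(set)
    for identifier, value in challenges:
        rrsets[validation_name(identifier)].add(value)
    return dict(rrsets)

def parse_dig_short(output):
    """Parse `dig +short TXT <name>` output: one quoted string per line."""
    return {ln.strip().strip('"') for ln in output.splitlines() if ln.strip()}

def missing_values(expected, dig_outputs):
    """Return {name: values not yet served}; {} means safe to continue."""
    missing = {}
    for name, values in expected.items():
        absent = values - parse_dig_short(dig_outputs.get(name, ""))
        if absent:
            missing[name] = absent
    return missing

# Constructed key authorizations (token.thumbprint), not real ACME data.
WILDCARD_VALUE = txt_value("constructed-token-1.constructed-thumbprint")
APEX_VALUE = txt_value("constructed-token-2.constructed-thumbprint")
EXPECTED = expected_rrsets([("*.example.com", WILDCARD_VALUE),
                            ("example.com", APEX_VALUE)])

# Constructed answer from the authoritative server: the second value
# replaced the first instead of being added next to it.
DIG_OUTPUTS = {"_acme-challenge.example.com.": f'"{APEX_VALUE}"\n'}

if __name__ == "__main__":
    for name, absent in missing_values(EXPECTED, DIG_OUTPUTS).items():
        print(name, "is missing", sorted(absent))
```

An empty result from `missing_values` means every expected value is being served and the Certbot prompt can be confirmed.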

#7

Please check the following link:

https://tinyurl.com/n94t9bq

It's related to the same issue; please check its accepted answer.


#8

Yes, it’s more or less the same as what I wrote, except you want the Apache installer to be used rather than certonly.

All the stuff about plugin hooks is irrelevant to you, since if you wanted to automate it, you could just use the RFC2136 plugin and avoid any scripting.


#9

Thank you so much for your quick response. I think I have found the exact tutorial regarding the above-mentioned issue. Last but not least, here is the link to that tutorial:

https://tinyurl.com/y7r6tgly

Please verify this, because I am going to test this. If it is correct then it will be helpful for others as well.


#10

@AKarimKazi Please don’t link to shortened URLs on the forum; to me it looks kinda like it could be spam.


#11

Sure, I will be taking care of that next time.

