Great !!! It finally worked …
I was trying to run the acme-dns API inside my own server, but I was unable to make the required settings on my domain controller. I think the problem is that my controller does not offer an NS records option.
So I decided to try with the API available at https://auth.acme-dns.io. That way I only needed to do a POST at https://auth.acme-dns.io/register to obtain the necessary json to directly use the hook available at https://github.com/koesie10/acme-dns-certbot:
curl -X POST https://auth.acme-dns.io/register
I created an entry in my DNS:
_acme-challenge.polisoftware.com.br. type CNAME pointing to the value that the POST in https://auth.acme-dns.io/register returned in the “fulldomain” field of json.
I created a /etc/acme-dns folder with files:
/etc/acme-dns/acme-dns-certbot-hook
/etc/acme-dns/hook.json
The file acme-dns-certbot-hook can be obtained with the command:
go get github.com/koesie10/acme-dns-certbot-hook
(needs go installed)
The hook.json file must be created with the information obtained from the POST at https://auth.acme-dns.io/register, mine was like this:
    {
        "acme_dns_url" : "https://auth.acme-dns.io",
        "propagation_duration" : "10s",
        "domains" : {
            "polisoftware.com.br" : {
                "allowfrom" : [],
                "username":"0683e???????????????????36fdd",
                "password":"qT4h1i????????????????????????????????ZasVUN33iO",
                "fulldomain":"c5ad???????????????????????????.auth.acme-dns.io",
                "subdomain":"c5ade?????????????????????cfa8"
            }
        }
    }
So I made some changes to the file: /etc/letsencrypt/renewal/polisoftware.com.br.conf
that looked like this:
# renew_before_expiry = 30 days
version = 0.40.0
archive_dir = /etc/letsencrypt/archive/polisoftware.com.br
cert = /etc/letsencrypt/live/polisoftware.com.br/cert.pem
privkey = /etc/letsencrypt/live/polisoftware.com.br/privkey.pem
chain = /etc/letsencrypt/live/polisoftware.com.br/chain.pem
fullchain = /etc/letsencrypt/live/polisoftware.com.br/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = <YOUR LETSENCRYPT ACC ID>
pref_challs = dns-01,
authenticator = manual
manual_auth_hook = /etc/acme-dns/acme-dns-certbot-hook -config /etc/acme-dns/hook.json
manual_public_ip_logging_ok = yes
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory
Now the command:
sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/polisoftware.com.br.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator manual, Installer nginx
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for polisoftware.com.br
dns-01 challenge for polisoftware.com.br
Running manual-auth-hook command: /etc/acme-dns/acme-dns-certbot-hook -config /etc/acme-dns/hook.json
Running manual-auth-hook command: /etc/acme-dns/acme-dns-certbot-hook -config /etc/acme-dns/hook.json
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/polisoftware.com.br/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/polisoftware.com.br/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Once again thank you very much for showing the way !!!
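The registration, CNAME and hook.json steps from the post above, as an added example that is not part of the original post or of the acme-dns-certbot-hook project: it turns one /register response into the hook.json layout shown, derives the CNAME entry, and writes the file owner-readable only because it holds the acme-dns password. The function names, `example.com` and the sample response are assumptions constructed for illustration.

```python
import json
import os
import stat
import tempfile

# Fields the /register response carries, as shown in the post's hook.json.
REQUIRED = ("username", "password", "fulldomain", "subdomain")


def build_hook_config(domain, registration, api_url="https://auth.acme-dns.io",
                      propagation="10s"):
    """Wrap one /register response in the hook.json layout shown in the post."""
    missing = [k for k in REQUIRED if not registration.get(k)]
    if missing:
        raise ValueError("register response lacks: " + ", ".join(missing))
    entry = {k: registration[k] for k in REQUIRED}
    entry["allowfrom"] = registration.get("allowfrom", [])
    return {"acme_dns_url": api_url, "propagation_duration": propagation,
            "domains": {domain: entry}}


def cname_record(domain, registration):
    """The DNS entry to create: _acme-challenge.<domain> -> fulldomain."""
    return "_acme-challenge.%s. CNAME %s." % (
        domain.rstrip("."), registration["fulldomain"].rstrip("."))


def write_private(path, config):
    """Write hook.json readable by its owner only; it holds the API password."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(config, fh, indent=4)
    os.chmod(path, 0o600)  # also tightens a pre-existing, looser file
    return stat.S_IMODE(os.stat(path).st_mode)


# Constructed sample response; real values come from POST /register.
SAMPLE = {"allowfrom": [], "username": "EXAMPLE-USER", "password": "EXAMPLE-PASS",
          "fulldomain": "example-sub.auth.acme-dns.io", "subdomain": "example-sub"}

if __name__ == "__main__":
    cfg = build_hook_config("example.com", SAMPLE)
    print(cname_record("example.com", SAMPLE))
    out = os.path.join(tempfile.mkdtemp(), "hook.json")
    print(oct(write_private(out, cfg)), out)
```

The file must stay readable by whichever user runs `certbot renew`, since the hook reads it on every renewal.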