HTTP challenge on external servers

I have not found a suitable entry in the forum. If I open a duplicate, I apologize.

I am currently using the DNS challenge and it also works that I enter the TXT records at the registrar. Since I have to import the certificates at a provider, I have to generate them beforehand.
However, I would like to automate the process and switch to the http challenge. I would use the certbot for this. This prompts me to save the data in the folder on the server.

What I would have to achieve is that Letsencrypt creates these files itself and stores them on the file system. Before the check, I would have to have a chance to store these files on the target server via FTP.
Copying the certificates afterwards would still be manual work, as my provider does not allow anything else. Does anyone have any advice for me on whether this can be done?

Best regards,
Uwe

1 Like

To answer your question directly: it's probably possible to use the --webroot plugin in combination with --debug-challenges for that. With --webroot-path (or just -w) you could write the token to a directory of your convenience. Usually, the --webroot plugin would go directly ahead with getting the token authenticated, but using --debug-challenges would put a temporary hold on that. During that hold you could upload the token file using FTP and when that's done, continue certbot.

That said, this still would be a very manual step. I believe it would be helpful to at least automate the certificate retrieval part of the process. Some thoughts that came to mind:

  • Are you absolutely, 200 % sure you can't automate your DNS? Certbot has a few DNS plugins available, but the acme.sh ACME client (nowadays defaulting to ZeroSSL instead of Let's Encrypt!) has a lot of DNS plugins, which you can find here: https://github.com/acmesh-official/acme.sh/tree/12615c46f8cca26b3df2174ddcba0a5118c3e962/dnsapi Maybe your DNS provider is among them.
  • If your DNS provider is not among the certbot DNS plugins but an acme.sh DNS plugin is available and you don't want to switch ACME clients, it's probably not very hard to modify the acme.sh plugin so it can be used by certbot as a --manual-auth-hook.
  • I've tried to look for one, but I didn't find one, but it shouldn't be too hard to script your FTP upload process as a --manual-auth-hook too.

About importing the certificate at the provider: which provider is that and what kind of control panel are you using? For example, @griffin has written an ACME client written entirely in PHP and although currently not active, it could in the (near?) future also upload the certificate into cPanel.

I also found an interesting GitHub repository https://github.com/steinsag/hosteurope-letsencrypt which seems to have a lot of interesting scripts, including a script to upload a certificate into a Wordpress (?) environment using "Pyppeteer" which seems to be emulating a browser to do so. Unfortunately it's all in German and while I had German at school, it's more difficult to read compared to English :stuck_out_tongue: However, very interesting stuff!

1 Like
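One way to script the FTP upload as a `--manual-auth-hook`, as suggested in the answer above. This is an added example, not code from the thread or from certbot: it reads the `CERTBOT_TOKEN` and `CERTBOT_VALIDATION` variables certbot passes to manual hooks, while the `FTP_HOST`, `FTP_USER`, `FTP_PASS` and `FTP_WEBROOT` variables and FTPS support on the hosting side are assumptions.

```python
#!/usr/bin/env python3
"""certbot --manual-auth-hook: publish the HTTP-01 token on a remote webroot over FTPS."""
import io
import os
import re
import sys
from ftplib import FTP_TLS, error_perm

# Assumed variable names (not from the thread): FTP_HOST, FTP_USER, FTP_PASS, FTP_WEBROOT.
CHALLENGE_DIR = ".well-known/acme-challenge"
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")  # base64url alphabet used for ACME tokens


def challenge_file(env):
    """Return (filename, body) built from the variables certbot sets for manual hooks."""
    token = env["CERTBOT_TOKEN"]
    validation = env["CERTBOT_VALIDATION"]
    # Refuse anything that could escape the challenge directory on the remote side.
    if not TOKEN_RE.match(token):
        raise ValueError("unexpected characters in CERTBOT_TOKEN")
    # For HTTP-01 the validation string is "<token>.<account key thumbprint>".
    if not validation.startswith(token + "."):
        raise ValueError("CERTBOT_VALIDATION does not match CERTBOT_TOKEN")
    return token, validation.encode("ascii")


def upload(ftp, webroot, name, body):
    """Create the challenge directory if needed and store the token file in it."""
    ftp.cwd(webroot)
    for part in CHALLENGE_DIR.split("/"):
        try:
            ftp.mkd(part)
        except error_perm:
            pass  # usually "already exists"; the cwd below fails if it really is missing
        ftp.cwd(part)
    ftp.storbinary("STOR " + name, io.BytesIO(body))


def main(env=os.environ):
    name, body = challenge_file(env)
    with FTP_TLS(env["FTP_HOST"]) as ftp:
        ftp.login(env["FTP_USER"], env["FTP_PASS"])  # control channel is TLS-protected
        ftp.prot_p()  # encrypt the data channel as well
        upload(ftp, env["FTP_WEBROOT"], name, body)


if __name__ == "__main__":
    sys.exit(main())
```

It would be passed to certbot with `--manual --preferred-challenges http --manual-auth-hook`, and a matching `--manual-cleanup-hook` can delete the token file afterwards.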

Thank you for your answer.
Now I have a possible approach. I will ask my domain provider.
My provider is Alfahosting (https://alfahosting.de) and they are using a Confixx panel.

1 Like

It seems Alfahosting is actually providing Let's Encrypt certificates, looking at a few FAQs:

Although some other FAQs suggest it will cost you money (:face_vomiting:) for some plans:

:confused: which is sad..

1 Like

I am a reseller and cannot use the internal Letsencrypt server of Alfahosting.
