Letsencrypt Digital Ocean API Method?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: 2e0epv.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 20.04.1 LTS

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.40.0

I’m trying to figure out how to install letsencrypt on my digital ocean virtual machine but I’m not sure how to use the API Method.

Hi @KyleBrown

Checking your domain, there is no IP address defined - https://check-your-website.server-daten.de/?q=2e0epv.com

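| Host | Type | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| 2e0epv.com | A | | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.2e0epv.com | | Name Error | yes | 1 | 0 |
| *.2e0epv.com | A | Name Error | yes | | |
| | AAAA | Name Error | yes | | |
| | CNAME | Name Error | yes | | |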

Add an A-entry with your ip address, then create a working port 80 vHost, then start with certbot.

Digital Ocean API Method?

What's that?

Sorry JurgenAuer, this is for postfix and webmail.

That's not relevant where you want to use the certificate (or: It's only the installation question, not the validation question).

The first question: http or dns validation.

Read

Your mail subdomain has an IP address, a Roundcube login and an nginx - https://check-your-website.server-daten.de/?q=mail.2e0epv.com

So start with

certbot --nginx -d mail.2e0epv.com

PS: What's that?

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2020-09-05 | 2020-12-04 | mail.2e0epv.com - 1 entries | | |
| Let's Encrypt Authority X3 | 2020-09-05 | 2020-12-04 | mail.2e0epv.com - 1 entries | | |
| Let's Encrypt Authority X3 | 2020-09-05 | 2020-12-04 | mail.2e0epv.com - 1 entries | | |
| Let's Encrypt Authority X3 | 2020-09-05 | 2020-12-04 | mail.2e0epv.com - 1 entries | | |
| Let's Encrypt Authority X3 | 2020-09-04 | 2020-12-03 | mail.2e0epv.com - 1 entries | | |

You have already created a lot of certificates. Why do you want to create the next?

Use one of these 60 - 85 days, then create the next.

If you’re following along with https://certbot.eff.org/lets-encrypt/ubuntufocal-other, you can click onto the “Wildcard tab” which will explain how to install Certbot + the Digital Ocean DNS plugin.

The documentation for actually using the Digital Ocean API with Certbot can be found here: https://certbot-dns-digitalocean.readthedocs.io/en/stable/. It includes actual example commands for acquiring the certificates.

As @JuergenAuer mentions, you might just be able to use certbot --nginx instead. It would be simpler, and then you can use that same certificate for your Postfix server.

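The DNS-plugin route described above keeps a DigitalOcean API token in a credentials file, and that token can edit DNS records, so the file should be readable by its owner only. As an added example (not from this thread or from the plugin's documentation), this script writes the file with mode 600, checks it, and prints the matching certbot command; the file location and token value are placeholders, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: DigitalOcean credentials file for certbot's DNS plugin.
# The file path and token value are placeholders (assumptions).

# Write the token to an INI file that only its owner can read.
write_creds() {   # usage: write_creds <file> <token>
  mkdir -p "$(dirname "$1")"
  ( umask 077; printf 'dns_digitalocean_token = %s\n' "$2" > "$1" )
  chmod 600 "$1"  # also tightens a file that already existed
}

# Return 0 only if the file exists, holds a token, and is mode 600 or 400.
check_creds() {   # usage: check_creds <file>
  [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
  grep -Eq '^dns_digitalocean_token[[:space:]]*=[[:space:]]*[^[:space:]]+' "$1" ||
    { echo "no dns_digitalocean_token in $1" >&2; return 2; }
  mode=$(stat -c '%a' "$1")   # GNU stat
  case $mode in
    600|400) return 0 ;;
    *) echo "unsafe mode $mode on $1 (want 600)" >&2; return 3 ;;
  esac
}

# Print the DNS-01 certbot command for the given credentials file and domains.
certbot_cmd() {   # usage: certbot_cmd <file> <domain>...
  creds=$1; shift
  cmd="certbot certonly --dns-digitalocean --dns-digitalocean-credentials $creds"
  for d in "$@"; do cmd="$cmd -d $d"; done
  printf '%s\n' "$cmd"
}

# Demo in a throwaway directory with a constructed token.
demo_dir=$(mktemp -d)
write_creds "$demo_dir/digitalocean.ini" "CONSTRUCTED_PLACEHOLDER_TOKEN"
check_creds "$demo_dir/digitalocean.ini" &&
  certbot_cmd "$demo_dir/digitalocean.ini" mail.2e0epv.com
rm -rf "$demo_dir"
```

The printed command only works once the Certbot DigitalOcean DNS plugin is installed alongside Certbot.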

root@Mail-Server:~# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested nginx plugin does not appear to be installed
root@Mail-Server:~#

How did you install Certbot? If it was from apt, then I think you need to add:

apt install python3-certbot-nginx

Running the certbot --nginx command I get this output.

I would choose (1), since you want to use that certificate for Roundcube/webmail. This should automatically secure the webmail for you.

Then, you will also need to manually configure Postfix to use the certificate.

You can use https://ssl-config.mozilla.org/#server=postfix&version=3.4.8&config=intermediate&openssl=1.1.1d&guideline=5.4 to guide you.

The certificate path is /etc/letsencrypt/live/mail.2e0epv.com/fullchain.pem and the private key path is /etc/letsencrypt/live/mail.2e0epv.com/privkey.pem.

Does the end of the path need a ; on the end?

Hooray! It finally works! Thanks to everyone on the letsencrypt forums for your help, it wouldn’t have been possible without you! <3
