Letsencrypt Wildcard SSL with DNS method

Cloudways is a cloud hosting provider; they provide cloud servers from different clouds. We are doing a similar thing, where everything is automated, from creating the server to creating applications like WordPress and Laravel with one click.

So they just ask the client to point a CNAME for _acme-challenge to something.cloudways.com, which is the temporary (initial) domain of the application. Then, after the CNAME is pointed, they just enable the wildcard SSL for the client's domain. You can see it in this screenshot:

I wouldn't advise setting a CNAME to point to a temporary hostname. Let's Encrypt certificates require renewal every 60-90 days, so the destination of the CNAME should always be available for performing the dns-01 challenge. So if that hostname is ephemeral, it wouldn't be a very good option.

Also, the question is: are all domain names of your customers under your control? If not, then that's another difficulty.


We will show clients a message that they need to point the CNAME in their DNS. Once they are done with pointing, we will generate/renew the SSL.

But the point is how to perform this after the CNAME has been pointed.

Hello @9peppe, will this work even when we don't have any type of access to the client's DNS?

I don't think you should attempt this without a deep understanding of how it works.

You need to add a specific TXT record on a specific DNS label, so you need either a cname or API access.

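As an added example (not part of anyone's post in this thread, and not Cloudways' or Let's Encrypt's code): a Python pre-flight check for the CNAME delegation being discussed. It derives the dns-01 TXT value from the key authorization the way RFC 8555 section 8.4 specifies, follows the client's `_acme-challenge` CNAME, and confirms the chain ends inside the provider's own zone with the expected TXT value present, which is also the condition behind the earlier caveat that the CNAME target has to stay resolvable at every renewal. The domain names, key authorization and record set are constructed for the example; a real deployment would query DNS instead of the in-memory table.

```python
import base64
import hashlib

# Constructed key authorization (token + "." + account-key thumbprint); not a
# real ACME value. The CA issues the token per order.
SAMPLE_KEY_AUTH = "constructed-token-3x9kQ.constructed-thumbprint-7Lm2Ab"


def dns01_txt_value(key_authorization: str) -> str:
    """Return the TXT RDATA the CA looks for in a dns-01 challenge:
    base64url(SHA-256(key authorization)) with '=' padding removed
    (RFC 8555, section 8.4)."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


# Constructed answers standing in for what a resolver would return; names are
# lowercase, fully qualified, without the trailing dot.
SAMPLE_RECORDS = {
    # Client-owned zone: delegates the challenge label into the provider's zone.
    "_acme-challenge.client.example": {
        "CNAME": ["_acme-challenge.app123.provider.example"],
    },
    # Provider-controlled zone: the TXT record the provider's automation sets.
    "_acme-challenge.app123.provider.example": {
        "TXT": [dns01_txt_value(SAMPLE_KEY_AUTH)],
    },
    # Client that pointed the CNAME somewhere the provider does not control.
    "_acme-challenge.stray.example": {
        "CNAME": ["_acme-challenge.stray.example.net"],
    },
    # Misconfigured zone whose CNAME points at itself.
    "_acme-challenge.loop.example": {
        "CNAME": ["_acme-challenge.loop.example"],
    },
}


def resolve_txt(name, records, max_hops=8):
    """Follow the CNAME chain the way a resolver does and return
    (final_name, txt_values). Raises ValueError on a loop or overlong chain."""
    name = name.lower().rstrip(".")
    seen = set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        rrset = records.get(name, {})
        if "CNAME" in rrset:
            name = rrset["CNAME"][0].lower().rstrip(".")
            continue
        return name, list(rrset.get("TXT", []))
    raise ValueError(f"CNAME chain exceeds {max_hops} hops (last name: {name})")


def check_delegation(domain, key_authorization, records, delegation_zone):
    """Pre-flight check run before asking the CA to validate: the client's
    _acme-challenge label must be a CNAME into the provider's zone, and the
    expected TXT value must be visible at the end of the chain."""
    label = f"_acme-challenge.{domain}".lower()
    zone = delegation_zone.lower().rstrip(".")
    problems = []
    try:
        target, txts = resolve_txt(label, records)
    except ValueError as exc:
        return {"ok": False, "target": None, "problems": [str(exc)]}
    if target == label:
        problems.append(f"{label} has no CNAME; the client has not delegated yet")
    elif not target.endswith("." + zone):
        problems.append(f"{label} delegates to {target}, which is outside {zone}")
    if dns01_txt_value(key_authorization) not in txts:
        problems.append(f"expected TXT value not found at {target}")
    return {"ok": not problems, "target": target, "problems": problems}


if __name__ == "__main__":
    for d in ("client.example", "stray.example", "loop.example"):
        print(d, check_delegation(d, SAMPLE_KEY_AUTH, SAMPLE_RECORDS, "provider.example"))
```

Running the check only when the chain resolves into a zone the provider controls avoids asking the CA to validate (and burning failed-validation rate limits) while the client's CNAME is still missing or misdirected; the same check is what makes renewals safe, since the CA walks the identical chain every time.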

CNAME pointing we can do; we can ask clients to point _acme-challenge.temporary.domain.com to their DNS, as Cloudways is doing.

Please make some experiments.

Use the staging endpoint:


I think this staging endpoint is for avoiding rate limits. It will not help us.

It will help you because you are building your system.

It's to make sure it's working as intended.


Okay, @9peppe.
Thanks for your support, I really appreciate it. Also, please let me know if you find anything about this scenario; it would be very helpful for me.


I agree with @9peppe: please develop your system using the staging environment to prevent you from running into rate limits. Once everything seems to be working properly, you can switch to the production environment.
