I would like to obtain a certificate for a website which is accessible only by intranet. In this post (message 52), SChoen recommended that I use either the client “Neilpang / acme.sh” or “Srvrco / getssl”. I started by reading the “Neilpang / acme.sh” documentation. According to the documentation, I can use the “Automatic DNS API integration” method to obtain a certificate if my DNS provider supports API access. My question is:
Does “DNS provider” mean our Internet service provider? If so, our Internet service provider is “Algerian Academic Research Network” (also known as ‘RNA’), and this one doesn’t appear in the proposed list, so I conclude that I must use the “DNS manual mode”. Am I right?
Thank you for your reply
We have two websites on the same server, “elearning.univ-bejaia.dz” and “logitheque.univ-bejaia.dz”. I want to get a certificate for the second one, “logitheque.univ-bejaia.dz”, because the first one already has a certificate and it is accessible via the internet. Here is the result when I ran the command “dig +noall +answer mydomainname ns”:
Your nameservers are ns1.univ-bejaia.dz and ns2.univ-bejaia.dz.
Unless these nameservers support updating via RFC2136 or via PowerDNS API (if they are PowerDNS nameservers), it is unlikely that you would be able to set up automatic validation with them, and you’d be stuck with the manual plugin.
You would need to find out from whoever runs those nameservers.
We have an internal DNS server at the university. After I created a virtual host for the domain “logitheque.univ-bejaia.dz”, the DNS manager added this domain to the internal DNS. So if I have understood correctly, I have to ask the DNS manager whether API access is supported (an API supported by the acme.sh script). If yes, the DNS manager will have to make the necessary configurations to allow automatic addition of the records in the DNS. If not, with the manual method, the addition of the records must be done manually after each renewal of the certificate.
Am I right?
You also have the advanced option of delegating the _acme-challenge records of your subdomains to a public DNS provider like Cloudflare (or anybody else who has an API), using CNAME or NS records. This would enable you to automate acme.sh.
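The delegation described in the last reply, modelled offline as an added example (not part of the thread and not acme.sh's own code): one static CNAME in the university zone points the `_acme-challenge` name at a zone with an API, so each renewal only touches the delegated zone. The alias zone `acme-alias.example`, the token and the thumbprint are constructed placeholders.

```python
import base64
import hashlib

def txt_value(token, thumbprint):
    """RFC 8555 section 8.4: base64url(SHA-256(token.thumbprint)), unpadded."""
    digest = hashlib.sha256(f"{token}.{thumbprint}".encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def challenge_name(domain):
    """Owner name the CA queries; a wildcard uses the base domain's label."""
    return "_acme-challenge." + domain.lower().rstrip(".").removeprefix("*.")

def follow_cnames(name, zone, max_hops=8):
    """Return the final owner name after following CNAMEs, rejecting loops."""
    seen = set()
    while (name, "CNAME") in zone:
        if name in seen or len(seen) >= max_hops:
            raise ValueError(f"CNAME loop or chain too long at {name}")
        seen.add(name)
        name = zone[(name, "CNAME")][0].lower().rstrip(".")
    return name

def publish(domain, token, thumbprint, zone):
    """Client side: the TXT record is written at the CNAME target (delegated zone)."""
    owner = follow_cnames(challenge_name(domain), zone)
    zone.setdefault((owner, "TXT"), []).append(txt_value(token, thumbprint))
    return owner

def validate(domain, token, thumbprint, zone):
    """CA side: resolve TXT through the CNAME and compare with the expected value."""
    owner = follow_cnames(challenge_name(domain), zone)
    return txt_value(token, thumbprint) in zone.get((owner, "TXT"), [])

# Constructed sample data: the only record the university DNS manager adds, once.
ZONE = {
    ("_acme-challenge.logitheque.univ-bejaia.dz", "CNAME"):
        ["_acme-challenge.logitheque.acme-alias.example."],  # hypothetical alias zone
}
TOKEN = "constructed-token-123"            # placeholder for the CA's challenge token
THUMBPRINT = "constructed-thumbprint-456"  # placeholder for the account key thumbprint

if __name__ == "__main__":
    name = "logitheque.univ-bejaia.dz"
    print("before:", validate(name, TOKEN, THUMBPRINT, ZONE))
    print("TXT at:", publish(name, TOKEN, THUMBPRINT, ZONE))
    print("after: ", validate(name, TOKEN, THUMBPRINT, ZONE))
```

In acme.sh this arrangement is called DNS alias mode and is selected with the `--challenge-alias` option alongside the API plugin for the delegated zone.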