Renew Wildcard Domains MS365

CentOS 7 / certbot 1.4.0 / Web application running NGINX inside a docker environment.

DNS Records: Managed through MS365
Domain: *.dev.udms.cullinan.systems (wildcard domain)

I ran this command: certbot certonly --manual -d *.dev.udms.cullinan.systems --agree-tos --email redacted@email.com --preferred-challenges dns --no-eff-email --manual-public-ip-logging-ok

The certificates are created and I’m happy with results.

However, based on this documentation, I’m forced to use the “manual” plugin and “dns” challenge combination which limits me from setting up automated renewals. Is there a way to set up an auto renewal without moving my domain to a LE supported DNS registrar that has API access?

Thank you for your feedback.


It’s possible by doing a one-time delegation of _acme-challenge.dev.udms.cullinan.systems to something like acme-dns.

Advantage: automation, separation of privilege, independence from your DNS host, Certbot integration available.

Disadvantage: having to run acme-dns and having to open inbound port 53 for it.

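A sketch of the delegation described in the reply above, written as a script that could be passed to Certbot's `--manual-auth-hook`. It is an added example, not code from the thread or from the acme-dns project. The acme-dns URL and the account values are constructed placeholders standing in for what a one-time call to the acme-dns `/register` endpoint returns.

```python
#!/usr/bin/env python3
"""Illustrative Certbot manual-auth hook: publish the dns-01 token via acme-dns."""
import json
import os
import re
import urllib.request

# Assumed values (constructed): a real account comes from acme-dns /register.
ACME_DNS_URL = "https://auth.example.org"
ACCOUNT = {
    "username": "00000000-0000-0000-0000-000000000000",
    "password": "constructed-placeholder-password",
    "subdomain": "11111111-1111-1111-1111-111111111111",
    "fulldomain": "11111111-1111-1111-1111-111111111111.auth.example.org",
}
# A dns-01 validation value is base64url(SHA-256), always 43 characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{43}")


def delegation_record(domain, account=ACCOUNT):
    """The one-time CNAME to create at the existing DNS host."""
    base = domain[2:] if domain.startswith("*.") else domain
    return f"_acme-challenge.{base}. CNAME {account['fulldomain']}."


def build_update(validation, account=ACCOUNT, base_url=ACME_DNS_URL):
    """Build the acme-dns /update request carrying the TXT value."""
    if not TOKEN_RE.fullmatch(validation):
        raise ValueError("dns-01 validation must be 43 base64url characters")
    body = json.dumps({"subdomain": account["subdomain"], "txt": validation})
    return urllib.request.Request(
        base_url.rstrip("/") + "/update",
        data=body.encode(),
        method="POST",
        headers={
            # These credentials can only change this one TXT record,
            # which is the separation of privilege mentioned above.
            "X-Api-User": account["username"],
            "X-Api-Key": account["password"],
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to the hook.
    print("requires:", delegation_record(os.environ["CERTBOT_DOMAIN"]))
    req = build_update(os.environ["CERTBOT_VALIDATION"])
    with urllib.request.urlopen(req, timeout=30) as resp:
        resp.read()
```

Once the CNAME exists at the current DNS host, no further changes are needed there; the hook's credentials never grant access to the rest of the zone.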

@_az thank you for the response, sadly not an option at this point in time.
