Renewal after manual/support of dns-01 in automated plugins

As I currently have no way to open 443 incoming to my server but want to use letsencrypt for IMAPs and SMTP/TLS certificates, I have created the certificates manually. However, since there is no support for the dns-01 challenge type aside from manual, after some research it looks like I would need to redo the process every 90 days.

That’s not exactly user-friendly, so I’d like to ask for a feature to support the dns-01 challenge type for renewal.

We actually just added this feature to Certbot. The only caveat is that you have to provide Certbot a script capable of configuring your DNS due to the large variety of ways this is done on different systems. Certbot sets environment variables to provide your script with the values necessary to complete the challenge. To do this, you need Certbot 0.10.0 and want to run a command like:

certbot certonly --manual --manual-auth-hook /path/to/your/script --preferred-challenges dns

You can learn more about this with certbot --help manual.

2 Likes
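An auth hook of the kind described in the reply above, as an added example that is not from the thread or from the Certbot project. It reads Certbot's CERTBOT_DOMAIN and CERTBOT_VALIDATION hook variables and publishes the TXT record with nsupdate; the server address, TSIG key path, TTL and wait time are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example: Certbot --manual-auth-hook that publishes the dns-01 TXT
# record with nsupdate (RFC 2136 dynamic update, TSIG-authenticated).
# Assumptions, not from the thread: server address, key path, TTL, wait time.
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"                     # placeholder address
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/letsencrypt/tsig.key}"  # hypothetical path, keep mode 0600
TTL=60
PROPAGATION_WAIT=30   # seconds; tune to how fast your secondaries update

# Hostname characters only, so nothing in the name can add a line to the batch.
valid_domain() {
    case "$1" in
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# A dns-01 validation value is an unpadded base64url SHA-256 digest: 43 chars.
valid_token() {
    [ "${#1}" -eq 43 ] || return 1
    case "$1" in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Print the nsupdate batch for domain $1 and validation value $2.
build_batch() {
    valid_domain "$1" || { echo "rejected domain value" >&2; return 1; }
    valid_token "$2"  || { echo "rejected validation value" >&2; return 1; }
    printf 'server %s\n' "$DNS_SERVER"
    printf 'update add _acme-challenge.%s. %s IN TXT "%s"\n' "$1" "$TTL" "$2"
    printf 'send\n'
}

# Runs only when Certbot invokes the hook (it exports CERTBOT_DOMAIN).
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    batch=$(build_batch "$CERTBOT_DOMAIN" "${CERTBOT_VALIDATION:-}") || exit 1
    printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEYFILE" || exit 1
    sleep "$PROPAGATION_WAIT"   # let the record reach all authoritative servers
fi
```

The TSIG key used here can rewrite records in the zone, so scope it on the DNS server to the `_acme-challenge` TXT names only. A matching `--manual-cleanup-hook` would send the same batch with `update delete` in place of `update add`.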

Purrfect, thanks! Just testing the nsupdate variant I’m going to need!
