TXT records and their role with certbot-auto

My domain is: research-hessen.de
A static (permanent) IPv4 address of 176.94.188.42 is assigned to it.

I ran this command (in a script):
MY_URL=“research-hessen.de

cd /opt/certbot

./certbot-auto -d ${MY_URL} -d *.${MY_URL}                        \
    --rsa-key-size  4096                                            \
    --server        https://acme-v02.api.letsencrypt.org/directory  \
    --manual                                                        \
    --preferred-challenges dns certonly

I do NOT have a problem, but I need some help in understanding the process:

  1. The URL research-hessen.de is bought from vendor “United domains”
  2. In the administration panel for DNS there are 2 TXT records which I have to renew every time when I run certbot-auto for getting new LE certificates
  3. I enter manually these 2 TXT records into the DNS menu of research-hessen.de
  4. I understand the steps 1-3. On my computer a new LE certificate is installed and ready for usage.

I would like to fully automate this process, i.e. also the newly created TXT records should be made available to the DNS section of research-hessen.de. Is this possible?
Or the same question asked in other words: Are the TXT records required? Can I renounce them by simply getting new LE certificates?

It produced this output: n/a

My web server is (include version): Apache 2.4.38

The operating system my web server runs on is (include version): Debian 10.4

My hosting provider, if applicable, is: on my own computer

I can login to a root shell on my machine (yes or no, or I don’t know): yes I can

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): /opt/certbot/certbot-auto --version
Upgrading certbot-auto 1.4.0 to 1.5.0…
Replacing certbot-auto…
Creating virtual environment…
Installing Python packages…
Installation succeeded.
certbot 1.5.0

Could you point me to a command / script which automates the whole process, please?
I’d appreciate if you clarify this issue.
Thanks a lot in advance

Best regards
Dieter

Hi @dieter

you want to create a wildcard certificate, so dns validation is required.

Start with

then

So: If “United Domains” doesn’t support a DNS Api or if there is an API, but you don’t have a client with support of that API, you can’t automate that.

  • Switch to another domain provider with an API (may be impossible),
  • check, if you need a wildcard. If not, http validation is easier to automate.
1 Like