I have the following setup currently running:
- Google Cloud VM
- Nginx running on that VM
- Google Cloud DNS
I would like to use DNS-based validation, as I have the Google Cloud DNS running and adding a record is simpler for me than having to host stuff on the nginx webserver (which only acts as a frontend/caching server for a Java web application).
Now I’m totally lost and confused with all the plugins that seem to want to make changes to the nginx server config, reload the webserver and also automatically add DNS records to the Google Cloud DNS via Google API calls.
My (maybe too simplistic) idea was:
- Add some record to the Google Cloud DNS to prove that I’m the domain owner
- Run certbot periodically to obtain a new certificate when the old certificate is about to expire
Is that possible at all? I don’t see the necessity to let certbot do things with my Google DNS via some API; I also don’t see the necessity to let certbot do things with my nginx server config (apart from SIGHUPing the nginx process to make it use the new certificate).
Edit: Oh, and how do I make sure everything works as expected and I don’t end up with expired certificates or something like that in 3 months in the middle of the night? Is there a way to use shorter expiration for testing?
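
For the monitoring question in the edit above, one way to catch both a failed renewal and a missed nginx reload is to check the certificate the server actually presents and alert well before it expires (an added example, not part of the original post). The 20-day threshold, the Nagios-style exit codes and the `example.com` placeholder host are assumptions.

```python
import socket
import ssl
import sys
import time

# Assumption: the renewal job replaces a 90-day certificate when about 30 days
# remain, so fewer than 20 days left means renewals have been failing.
WARN_DAYS = 20


def days_left(not_after, now=None):
    """Days until a notAfter string such as 'Jan  1 00:00:00 2030 GMT'."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400.0


def classify(not_after, now=None, warn_days=WARN_DAYS):
    """Return (exit_code, message): 0 ok, 1 warning, 2 critical."""
    remaining = days_left(not_after, now)
    if remaining <= 0:
        return 2, "CRITICAL: certificate expired %.1f days ago" % abs(remaining)
    if remaining < warn_days:
        return 1, "WARNING: %.1f days left, renewal is not happening" % remaining
    return 0, "OK: %.1f days left" % remaining


def served_not_after(host, port=443, timeout=10):
    """Read notAfter from the certificate the server presents right now."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def main(argv):
    host = argv[1] if len(argv) > 1 else "example.com"  # placeholder host
    try:
        code, msg = classify(served_not_after(host))
    except ssl.SSLCertVerificationError as exc:  # e.g. already expired
        code, msg = 2, "CRITICAL: verification failed: %s" % exc.verify_message
    except OSError as exc:
        code, msg = 2, "CRITICAL: cannot connect: %s" % exc
    print("%s %s" % (host, msg))
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run from cron or a monitoring agent on a machine other than the web server, the non-zero exit code is what triggers the alert. Checking the served certificate rather than the file on disk also catches the case where a new certificate was issued but nginx was never reloaded.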