DNS API for custom DNS wildcard SSL Certificate

How’s that for a descriptive title? Okay. I am running the latest version of MIAB and I am primarily using it as a custom DNS server as well as a dedicated mail server. It is currently hosted on a DigitalOcean droplet and the primary domain registrar is NetEarthOne.

I am a web hosting provider of shared hosting as well as dedicated cloud server hosting all hosted on DigitalOcean droplets and managed from Moss.sh. In most cases, the domains hosted are issued SSL certificates from Let’s Encrypt from the Moss dashboard. However, I do have a few WordPress Multisite networks for which I need wildcard SSL certificates. I would prefer to use Let’s Encrypt to obtain free certificates, but Moss does not provide that ability; therefore, I need to install these certificates via SSH.

I found some instructions that walk through the process of setting up wildcard SSL certificates using acme.sh on Ubuntu (the OS for all my servers). There is this instruction:

In order for Let’s Encrypt to issue a wildcard certificate, you must solve a DNS-based challenge known as Domain Validation (DV). Acme.sh conveniently integrates with the APIs of many major DNS providers and completely automates this process.

This step involves something like this command (for using DO DNS): export DO_API_KEY="your_digitalocean_api_token" followed by (again using DO as the example): acme.sh --issue --dns dns_dgon -d '*.example.org'.

Is there any way to do this with the MIAB API? If so, how would I go about it? My only other option would be to install manually every 90 days or pay for multiple wildcard certificates. Thanks!

I think that you’d get better traction on this looking at it from the Let’s Encrypt side. See if you can get some help from the good folks at


Have something that might help you out. Ran into this post and if you’re still interested there is this DNSAPI for acme.sh. Developed this in 2019 and didn’t see your question until now - as they say “better late than never.”

Simply follow the link and the instructions for using the MIAB DNSAPI can be found there. Good luck!

@bill.gertz Hiya! Thanks for the suggestion. Since I originally posted this topic, I switched my server management from Moss to RunCloud. With RunCloud, I can use the dns-01 authorization method through the RunCloud/DigitalOcean API, which supports wildcard SSL. I currently have two websites using this method so I have them set up on external DNS in MIAB. So now I can have a wildcard SSL through Let’s Encrypt maintained and auto-renewed through RunCloud. Makes me a happy camper!