Let's Encrypt | DNS-01 Challenge | automation

Hello,

I am planning to create a round-robin configuration in my Mail-in-a-Box DNS configuration (two A records pointing to different IPs) because my internet connection to my private web server is not very stable (getting a better/new internet connection is not possible). This gives me hope of achieving higher “uptime”, even if my website is only for very limited personal use. Anyway, now I run into trouble with the Let’s Encrypt certificate.

I was planning to set up a DNS-01 challenge instead of HTTP-01, but I do not want to do this manually every time. I understood there are plugins for bigger DNS/domain hosters, but I was wondering if someone has achieved some kind of automation with Mail-in-a-Box.

(Just as Information, here is the thread which I opened on letsencrypt which led to this question: https://community.letsencrypt.org/t/lets-encrypt-certificate-on-2-apache-servers-via-round-robin/145017/14)

1 Like

I have wondered about this, too, but for a different server where I just installed this.

This looks like it might be a place to start, because otherwise I’m pretty sure you’re rolling your own:

Oh, also be aware that if you are using wildcard certs, which for me was the reason to use the DNS-01 verification option, the wildcard will only cover the subdomains created. For example, *.example.com will cover box.example.com but will not cover ns1.box.example.com. I’m not sure if you have to specify *.*.example.com and *.example.com separately, or if just *.*.example.com will also apply to box.example.com. I only just installed my first wildcard, ever.

Geez, I always forget about this great project called acme.sh.

The link goes directly to the automatic DNS API integration section and I’m pretty sure there’s a configuration to get working within MiaB.

2 Likes

would have given you 20 :heart: if I could

1 Like

Thank you so much. I even found it:

Also, the DNS API for Mail-in-a-Box can be found in the admin panel under Custom DNS, in the section “Custom DNS API”.

1 Like

lol… I didn’t scroll through the whole thing. Thanks for that.

Just to follow up on here:

The script worked. I was able to complete the DNS-01 challenge with the script, and three months later it also auto-renewed the certificates on both servers (round robin).
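For readers who want to see what the DNS-01 automation discussed in this thread boils down to, here is an added example (not acme.sh’s bundled Mail-in-a-Box provider and not code from the original posts) of a minimal hook that talks to the Mail-in-a-Box custom DNS API from the admin panel. It follows the `dns_<provider>_add` / `dns_<provider>_rm` function shape that acme.sh’s dnsapi scripts use, so it can be dropped into acme.sh’s dnsapi directory, but it only depends on curl and runs stand-alone. The hostname, account and password below are placeholders read from assumed environment variables (`MIAB_SERVER`, `MIAB_USER`, `MIAB_PASS`); the HTTP method semantics (POST adds a record, PUT replaces all records for that name/type, DELETE with a value in the body removes only that record) are as documented on the admin panel’s Custom DNS page, so check them against your box’s version before relying on them.

```shell
#!/bin/sh
# dns_miabcustom.sh - illustrative DNS-01 hook for the Mail-in-a-Box
# custom DNS API (admin panel > Custom DNS > "Custom DNS API").
# Added example; not acme.sh's own provider and not Mail-in-a-Box code.
#
# Assumed environment (placeholders; set real values before use):
#   MIAB_SERVER  - hostname of the box, e.g. box.example.com
#   MIAB_USER    - an admin account on the box (a dedicated admin account
#                  used only for this keeps the blast radius small)
#   MIAB_PASS    - its password; keep it in a root-only file, not in history
#   MIAB_DRY_RUN - set to 1 to print the request instead of sending it
MIAB_SERVER="${MIAB_SERVER:-box.example.com}"
MIAB_USER="${MIAB_USER:-admin@example.com}"
MIAB_PASS="${MIAB_PASS:-changeme}"
MIAB_DRY_RUN="${MIAB_DRY_RUN:-0}"

# Name of the validation record. Both "example.com" and "*.example.com"
# are validated at _acme-challenge.example.com: the wildcard label is
# dropped, the record name itself is never a wildcard.
acme_challenge_name() {
    _d="$1"
    case "$_d" in
        \*.*) _d="${_d#\*.}" ;;
    esac
    printf '%s\n' "_acme-challenge.${_d}"
}

# API endpoint for TXT records at a given name.
miab_txt_url() {
    printf 'https://%s/admin/dns/custom/%s/txt\n' "$MIAB_SERVER" "$1"
}

# Send (or, in dry-run mode, print) one request. The password is never
# echoed; -f makes curl fail on HTTP errors so acme.sh sees a non-zero exit.
miab_request() {
    _method="$1"; _url="$2"; _body="$3"
    if [ "$MIAB_DRY_RUN" = "1" ]; then
        printf 'curl -sS -X %s --user %s:*** -d %s %s\n' \
            "$_method" "$MIAB_USER" "$_body" "$_url"
        return 0
    fi
    curl -sS -f -X "$_method" --user "${MIAB_USER}:${MIAB_PASS}" \
        --data-binary "$_body" "$_url"
}

# acme.sh-style entry point: dns_<provider>_add <fulldomain> <txtvalue>
# POST adds the record next to any existing TXT records at that name.
# PUT would replace them all, which breaks the round-robin case where two
# servers validate the same name at nearly the same time.
dns_miabcustom_add() {
    miab_request POST "$(miab_txt_url "$1")" "$2"
}

# acme.sh-style entry point: dns_<provider>_rm <fulldomain> <txtvalue>
# DELETE with the value in the body removes only this server's record.
dns_miabcustom_rm() {
    miab_request DELETE "$(miab_txt_url "$1")" "$2"
}
```

Because Mail-in-a-Box is itself the authoritative server for the zone, the record is live as soon as the API call returns and the zone is regenerated, so no long propagation wait is needed before the validation. Run the same hook on each of the two round-robin servers; each adds and later removes only its own TXT value, so renewals on one host do not disturb the other.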