
Resolved Why do I need to do the DNS ACME thing manually (TXT record) when I use subdomain wildcards and an external DNS (Hurricane Electric)

jmar83

Regular Pleskian
After the Let's Encrypt validity period, I get the message that the SSL/TLS certificate can't get renewed automatically. Is there an API which is able to update the TXT records on the Hurricane Electric DNS service!?

Thanks for your feedback.
 
Thank you very much for your feedback. No, I don't think so.

Then I will remove the wildcard / ACME thing, too many things to do for a small advantage...
 
> Is there an API which is able to update the TXT records on Hurricane Electric DNS service!?

Not exactly automatic, but we renew all of our Let's Encrypt *wildcard and/or multi-domain(SAN)-*wildcard SSL certificates via the acme.sh API, which works perfectly with all of our cloud servers that our hoster, IONOS, provides. There's no need to add or update the domains' TXT records manually, because those tasks are performed as part of the API interface process. You need to install acme.sh first of all and familiarise yourself with it, but as an example, just entering a one-line instruction like the one below, via SSH, will take the renewal process all the way through from adding / verifying the TXT records to renewing the certificate:

```sh
# Run as root. The wildcard name is quoted so the shell does not try to expand it.
acme.sh --issue --dns dns_ionos -d my-domain.com -d '*.my-domain.com' --server letsencrypt --preferred-chain "ISRG Root X1" --force
```

Once you've configured the API, it's a lot less work than the manual process and we've used this for months and never had a problem.
acme.sh is here: GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol
FWIW Hurricane Electric also appears in the DNS API list. It's item 31 on here: dnsapi · acmesh-official/acme.sh Wiki
 
Thank you very very much, looks very nice!! :)

Now I've done it manually again - but in future I would say it's better to do it automatically!
 
Another question - I know that it is not Plesk-related: WHY does Let's Encrypt need a NEW TXT DNS record for every new certificate creation request? * What's the sense behind this?

(* At least when I use wildcard / subdomain http certificates - otherwise not)

That's a lil bit strange i.m.o, but, maybe, there are some security and / or genuineness reasons for that?

(I'm not familiar with all the https SSL/TLS certificate things - it's anything but a trivial thing when I look closer into the details / mechanisms...)

Does somebody know this?

Thank you very very much for your feedback(s)! :)
 
 