Issuing of Let's Encrypt SSL certificates automatically with DNS challenge
Let's Encrypt provides free SSL certificates for three months. The period is too short and there are multiple tools for automatic generation of new fresh SSL certificates each three months automatically. One of the most used tools is acme.sh, a bash script client that supports multiple web servers and automatically verifies the new SSL certificates.
ClouDNS is officially supported by acme.sh as a provider for automatic completion of the DNS challenge of Let's Encrypt. The only one thing required for the automatic generation of Let's Encrypt SSL certificate is an access to our HTTP API. All our Premium DNS and DDoS Protected DNS plans include access to the HTTP API and can be used to generate free SSL certificates with Let's Encrypt for any hostname you need.
Installation of acme.sh client
Official documentation: https://github.com/Neilpang/acme.sh/
The client can be installed with a single command. With the following command the client will be downloaded and installed into the home directory (~/.acme.sh/) of the current user running the command. During the installation a cron job will be generated for the user in order to renew automatically the issued SSL certificates. Installation command:
curl https://get.acme.sh | sh
First you need to log into your control panel and create new HTTP API user from the "API" page in top of your control panel.
Once the HTTP API user is created, you need to configure them into the acme.sh client. You can do this by adding them as bash environment variables:
or setup them into the file ~/.acme.sh/dnsapi/dns_cloudns.sh by uncommenting the following lines:
Issuing of SSL certificates
acme.sh --issue --dns dns_cloudns -d example.com
acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com -d cp.example.com
Difference between Comodo SSL certificates and Let's Encrypt SSL certificates
As you know, ClouDNS provides Comodo SSL certificates. Currently there is no difference in the security between the provided Positive SSL certificates and Let's Encrypt SSL certificates. The advantage in the Positive SSL certificates is that they are issued by Comodo for 1, 2 or 3 years (Let's Encrypt are issued for 3 months) and the relying party warranty they have. The Let's Encrypt SSL certificates are good option for mail servers, control panels, internal systems and other type of administrative services, but using trusted SSL certificates is still advantage for commercial web sites.