Issuing of Let's Encrypt SSL certificates automatically with DNS challenge

Let's Encrypt provides free SSL certificates for three months. The period is too short and there are multiple tools for automatic generation of new fresh SSL certificates each three months automatically. One of the most used tools is acme.sh, a bash script client that supports multiple web servers and automatically verifies the new SSL certificates.

ClouDNS is officially supported by acme.sh as a provider for automatic completion of the DNS challenge of Let's Encrypt. The only one thing required for the automatic generation of Let's Encrypt SSL certificate is an access to our HTTP API. All our Premium DNS and DDoS Protected DNS plans include access to the HTTP API and can be used to generate free SSL certificates with Let's Encrypt for any hostname you need.

Installation of acme.sh client

Official documentation: https://github.com/Neilpang/acme.sh/

The client can be installed with a single command. With the following command the client will be downloaded and installed into the home directory (~/.acme.sh/) of the current user running the command. During the installation a cron job will be generated for the user in order to renew automatically the issued SSL certificates. Installation command:

curl https://get.acme.sh | sh

 

Configuration

First you need to log into your control panel and create new HTTP API user from the "API" page in top of your control panel.

Once the HTTP API user is created, you need to configure them into the acme.sh client. You can do this by adding them as bash environment variables:

export CLOUDNS_AUTH_ID=XXXXX
export CLOUDNS_AUTH_PASSWORD="YYYYYYYYY"

or setup them into the file ~/.acme.sh/dnsapi/dns_cloudns.sh by uncommenting the following lines:

#CLOUDNS_AUTH_ID=XXXXX
#CLOUDNS_AUTH_PASSWORD="YYYYYYYYY"

 

Issuing of SSL certificates

Single domain:

acme.sh --issue --dns dns_cloudns -d example.com

Multiple domains:

acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com -d cp.example.com

 

Difference between Sectigo SSL certificates and Let's Encrypt SSL certificates

 As you know, ClouDNS provides Sectigo SSL certificates. Currently there is no difference in the security between the provided Positive SSL certificates and Let's Encrypt SSL certificates. The advantage in the Positive SSL certificates is that they are issued by Sectigo for 1 year (Let's Encrypt are issued for 3 months) and the relying party warranty they have. The Let's Encrypt SSL certificates are good option for mail servers, control panels, internal systems and other type of administrative services, but using trusted SSL certificates is still advantage for commercial web sites.


Last modified: 2023-08-30
Cookies help us deliver our services. By using our services, you agree to our use of cookies. Learn more