
Issuing of Let's Encrypt SSL certificates automatically with Certbot

The certbot-dns-cloudns plugin automates the process of generating a new FREE Let's Encrypt SSL certificate by creating, and subsequently removing, TXT records using the ClouDNS API.

One of the requirements for the automatic generation of the Certbot certificate is access to our HTTP API. All our Premium DNS and DDoS Protected DNS plans include access to the HTTP API and can be used to generate free SSL certificates with Certbot for any hostname you need. Another important condition is that your domain is delegated to our name servers and the DNS for the domain name is hosted on our side.

Installation of the Certbot plugin

Official documentation: https://github.com/cloudns/certbot-dns-cloudns/

First, you need to install python3 and pip. Here is an example for installing on Ubuntu/Debian:

sudo apt update

sudo apt install python3-pip

Example for Mac:

python -m ensurepip or python3 -m ensurepip

After they are installed, you need to install the Certbot plugin. You can do this with this command:

pip install certbot-dns-cloudns

This is all the installation needed. You can check whether the plugin was installed successfully with this command:

certbot plugins

Configuration

First, you need to log into your control panel and create a new HTTP API user from the "API & Resellers" page at the top of your control panel.

Once the HTTP API user is created, you need to create a configuration file containing its credentials. You can save the configuration file wherever you want, but you will need the path to the file. The extension of the file has to be .ini. The configuration file should look like this:

# Target user ID (see https://www.cloudns.net/api-settings/)
dns_cloudns_auth_id=1234
# Alternatively, one of the following two options can be set:
# dns_cloudns_sub_auth_id=1234
# dns_cloudns_sub_auth_user=foobar
# API password
dns_cloudns_auth_password=password1
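
Because this file stores the HTTP API password in plain text, it is worth checking before passing it to Certbot. The following Python check is an added example, not part of the ClouDNS plugin or its documentation; the function names are hypothetical, and the rule that exactly one of the three identity keys is set is an assumption based on the comments in the sample file.

```python
import os
import stat
import tempfile

# Key names are taken from the sample configuration file above.
IDENTITY_KEYS = ("dns_cloudns_auth_id", "dns_cloudns_sub_auth_id",
                 "dns_cloudns_sub_auth_user")
PASSWORD_KEY = "dns_cloudns_auth_password"

def parse_credentials(text):
    """Parse the flat key=value format of the sample (no [section] headers)."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        key, sep, value = line.partition("=")
        if sep and not line.startswith("#"):  # skip comments and blank lines
            values[key.strip()] = value.strip()
    return values

def audit_credentials_file(path):
    """Return a list of problems; an empty list means no problem was found."""
    problems = []
    if not path.endswith(".ini"):
        problems.append("extension is not .ini")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit exposes the API password
        problems.append("mode %03o is too open; run chmod 600" % mode)
    with open(path, encoding="utf-8") as fh:
        values = parse_credentials(fh.read())
    ids = [k for k in IDENTITY_KEYS if values.get(k)]
    if len(ids) != 1:  # assumption: exactly one identity key should be set
        problems.append("expected one identity key, found %d" % len(ids))
    if not values.get(PASSWORD_KEY):
        problems.append("missing " + PASSWORD_KEY)
    return problems

def demo():
    """Audit a constructed file at mode 0600, then again at mode 0644."""
    sample = "dns_cloudns_auth_id=1234\ndns_cloudns_auth_password=password1\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "configuration.ini")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(sample)
        strict = audit_credentials_file(path)
        os.chmod(path, 0o644)
        return strict, audit_credentials_file(path)

if __name__ == "__main__":
    print(demo())
```

Creating the file with mode 0600 from the start, as demo() does, avoids a window in which the password is readable by other local users.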

Issuing of SSL certificates

Single domain:

certbot certonly --authenticator dns-cloudns --dns-cloudns-credentials ~/examplepath/configuration.ini --dns-cloudns-nameserver 123.123.123.123 -d example.com

Multiple domains:

certbot certonly --authenticator dns-cloudns --dns-cloudns-credentials ~/examplepath/configuration.ini --dns-cloudns-nameserver 123.123.123.123 -d example.com -d host.example.com

Replace these parameters with your own:
~/examplepath/configuration.ini - The path to the configuration file.
--dns-cloudns-nameserver 123.123.123.123 - The IP address of one of the name servers available to you.
-d example.com - The domain name you want to issue the SSL certificate for.

Optionally

You can add this parameter when issuing the SSL certificate: --dns-cloudns-propagation-seconds - The number of seconds the plugin will wait for the DNS record to propagate. By default 60. If the generation of the SSL certificate fails because of DNS propagation, you can increase the value of this parameter so that the plugin waits a little longer before checking whether the validation record has been added.

After executing the command, the SSL certificate should be issued and its files should be saved at these paths:

Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem

Difference between Sectigo SSL certificates and Let's Encrypt SSL certificates

As you know, ClouDNS provides Sectigo SSL certificates. Currently, there is no difference in security between the provided Positive SSL certificates and Let's Encrypt SSL certificates. The advantages of the Positive SSL certificates are that they are issued by Sectigo for 1 year (Let's Encrypt certificates are issued for 3 months) and that they carry a relying party warranty. The Let's Encrypt SSL certificates are a good option for mail servers, control panels, internal systems, and other types of administrative services, but using trusted SSL certificates is still an advantage for commercial websites.


Last modified: 2023-09-29