How to generate let's encrypt ssl certificate via certbot and dns txt entry?
There is a site hosted on a platform that does not provide access via ssh and does not connect the let's encrypt certificate itself, but provides access to dns records and can install a certificate if you provide it to them already ready.
Actually, the question is how to issue a certificate using certbot via dns txt ? I can't figure it out from the manual on their website.
Just in case, I’ll note:
1. The certificate will have to be reissued every 3 months (or at a shorter interval, in order to prevent the certificate from expiring). This means that you will have to submit a request to install a new certificate on the platform at the same interval.
2. The platform does not give you such an option, which means that you will have to transfer the private key of the certificate over the Internet? This already defeats the point of using a certificate. As far as I know, there is no easy way to generate an LE certificate using only a CSR.
On the main question: I don’t see what’s incomprehensible here:
Alexey Dmitriev already wrote:
1. The script will tell you what records to create in your domain zone. If you do not own it (it belongs to the platform), only HTTP confirmation is suitable for you.
Run the script anywhere.
When it asks you to create DNS records (there are two of them: first one, then the second), without interrupting the script, create the first record (it is better if the host where the script is running points at the servers authoritative for your DNS zone, to speed up the application of the record).
Then click continue: the first record is checked, and then create the second one.
Move the certificate to where it is needed.
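The manual DNS-01 flow described above, as an added helper script (not code from the thread or from certbot): it builds the `_acme-challenge` name certbot asks for and polls every authoritative name server of the zone until the TXT value certbot printed is visible, so you press Enter in certbot only once the record has actually been applied. It assumes `dig` is installed, that the first argument is the zone apex the hosting panel edits, and uses example.com as a placeholder domain.

```shell
#!/usr/bin/env bash
# Added helper for the manual DNS-01 flow above (not code from the thread).
# Run certbot in one terminal:
#   certbot certonly --manual --preferred-challenges dns -d example.com
# When it prints the TXT value, create the record in the hosting panel, then
# in a second terminal run:  ./acme-dns-check.sh example.com example.com '<value>'
# and press Enter in certbot only after this reports success. Assumes `dig` is
# installed and that the first argument is the zone apex; example.com is a placeholder.
set -u

# Record name certbot asks for (RFC 8555 DNS-01): _acme-challenge.<domain>
acme_name() { printf '_acme-challenge.%s' "$1"; }

# Is the expected value among the TXT answers?
# $1 = output of `dig +short TXT ...`, $2 = value certbot printed.
# dig quotes each string and may split long ones into "chunk" "chunk",
# so strip the quoting before an exact-line match.
txt_has_value() {
  printf '%s\n' "$1" | sed 's/" "//g; s/"//g' | grep -Fxq -- "$2"
}

# Poll every authoritative name server of the zone directly, bypassing caching
# resolvers (which may hold a stale negative answer), until all of them return
# the record or the timeout expires.
# $1 = zone apex, $2 = record name, $3 = expected value, $4 = timeout (seconds)
wait_for_txt() {
  local zone=$1 name=$2 expected=$3 timeout=${4:-300} deadline servers ns missing out
  deadline=$(( $(date +%s) + timeout ))
  while [ "$(date +%s)" -lt "$deadline" ]; do
    missing=0
    servers=$(dig +short NS "$zone")
    [ -n "$servers" ] || missing=1   # no NS answer at all counts as a failure
    for ns in $servers; do
      out=$(dig +short TXT "$name" "@$ns" 2>/dev/null || true)
      txt_has_value "$out" "$expected" || missing=$((missing + 1))
    done
    [ "$missing" -eq 0 ] && return 0
    echo "record not yet visible on $missing server(s); retrying..." >&2
    sleep 10
  done
  return 1
}

# Command-line use: <zone> <domain> <value>. Does nothing when no args are given.
if [ $# -eq 3 ]; then
  wait_for_txt "$1" "$(acme_name "$2")" "$3" && echo "TXT record published everywhere"
fi
```

Run it once per challenge value: certbot issues a separate TXT value for each domain, so for `-d example.com -d www.example.com` you repeat the panel edit and the check before each Enter.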
1. When generating a certificate, a verification file is created that is hosted on the server, so you must meet the conditions:
A) The IP address in the DNS entry must match the IP of the site.
B) The daemon puts the file there and checks for its existence.
C) No AAAA record (LE does not support IPv6).
D) Issuance of the certificate has been attempted no more than 5 times per day.
How do you imagine the first two points?
As for automation: it is precisely for the sake of full automation that certificates are issued for 90 days, and in the future it will be 30 days, so that everyone is required to set up automatic certificate renewal; that is the reason for such periods.
Another question is what kind of hosting does not support LE now.
As a rule, if this module is not available, it is enabled upon request to tech support.
What hoster do you have and what is the tariff?