linux
vlarkanov, 2019-09-23 10:17:35

Letsencrypt wildcard + bind: how to automatically renew a certificate?

There is a group of 4th-level domains, something like *.tt.domain.ru. You need to get a wildcard certificate. There are a lot of instructions, for example, this one: https://wiki.yola.ru/letsencrypt/wildcard
But it is necessary to pass the ACME challenge, which involves manually editing the DNS zone - and not only during the initial receipt of the certificate, but also during its renewal. Is it possible to automate this process? Editing the zone by hand once every three months is inconvenient, and it can be missed.


2 answer(s)
fluffybear, 2019-09-23
@fluffybear

Have you considered the option of delegating the 3rd level to an external DNS with API support? For example, Cloudflare has DNS support on a free account.

Alexey Dmitriev, 2019-12-13
@SignFinder

It is possible to automate this process.
There are ready-made plugins for certbot on the Web that allow you to edit DNS for some operators such as Hetzner, reg.ru, etc.
If you can't find a ready-made one, you'll have to write it yourself.
Here is a link to the official catalog: https://certbot.eff.org/docs/using.html#dns-plugins but you need not limit yourself to them.
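
For the BIND setup in the question, one way to "write it yourself" is a certbot manual hook that publishes the challenge record with nsupdate (RFC 2136 dynamic update). This is an added example, not code from the thread; the key name `acme-key.`, the key file path, `NS_SERVER` and the 15-second wait are assumptions.

```shell
#!/bin/sh
# Added example: certbot manual hook that publishes the DNS-01 TXT record in BIND via nsupdate.
# Assumed names (not from the page): NS_SERVER, TSIG_KEYFILE, TSIG key name "acme-key.".
# BIND side, limiting the key to the challenge record only:
#   update-policy { grant acme-key. name _acme-challenge.tt.domain.ru. TXT; };
NS_SERVER="${NS_SERVER:-127.0.0.1}"
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/letsencrypt/acme-tsig.key}"   # keep mode 0600

# _acme-challenge name for a domain; a leading "*." is dropped if present.
acme_record_name() {
    base=${1#\*.}
    printf '_acme-challenge.%s.\n' "$base"
}

# Reject anything that could smuggle extra nsupdate commands into the batch.
valid_inputs() {
    case "$1" in ''|*[!A-Za-z0-9.*-]*) return 1 ;; esac   # domain
    case "$2" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac    # base64url token
    return 0
}

# Print the nsupdate batch for action "add" or "delete".
build_batch() {
    action=$1 domain=$2 token=$3
    valid_inputs "$domain" "$token" || return 1
    case "$action" in add|delete) ;; *) return 1 ;; esac
    name=$(acme_record_name "$domain")
    printf 'server %s\n' "$NS_SERVER"
    if [ "$action" = add ]; then
        printf 'update add %s 60 TXT "%s"\n' "$name" "$token"
    else
        printf 'update delete %s TXT "%s"\n' "$name" "$token"
    fi
    printf 'send\n'
}

# Certbot sets CERTBOT_DOMAIN and CERTBOT_VALIDATION when it runs a manual hook.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then
    batch=$(build_batch "${1:-add}" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION") || exit 1
    printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEYFILE" || exit 1
    # Assumed delay so secondaries can pick up the record before validation.
    if [ "${1:-add}" = add ]; then sleep 15; fi
    exit 0
fi
```

With the script saved at a path of your choice, pass it to `certbot certonly --manual --preferred-challenges dns` as `--manual-auth-hook '<script> add'` and `--manual-cleanup-hook '<script> delete'` with `-d '*.tt.domain.ru'`. Certbot records the hooks in the renewal configuration, so a scheduled `certbot renew` repeats the challenge without manual zone edits.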
