Difference between revisions of "Certbot: Ikoula DNS Challenge"
(6 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
+ | <span data-link_translate_ro_title="Certbot: Ikoula DNS Challenge" data-link_translate_ro_url="Certbot: Ikoula DNS Challenge"></span>[[:ro:Certbot: Ikoula DNS Challenge]][[ro:Certbot: Ikoula DNS Challenge]] | ||
+ | <span data-link_translate_ru_title="Certbot: Ikoula DNS Challenge" data-link_translate_ru_url="Certbot: Ikoula DNS Challenge"></span>[[:ru:Certbot: Ikoula DNS Challenge]][[ru:Certbot: Ikoula DNS Challenge]] | ||
+ | <span data-link_translate_pl_title="Certbot: Ikoula DNS Challenge" data-link_translate_pl_url="Certbot: Ikoula DNS Challenge"></span>[[:pl:Certbot: Ikoula DNS Challenge]][[pl:Certbot: Ikoula DNS Challenge]] | ||
+ | <span data-link_translate_ja_title="Certbot: Ikoula DNSチャレンジ" data-link_translate_ja_url="Certbot: Ikoula DNSチャレンジ"></span>[[:ja:Certbot: Ikoula DNSチャレンジ]][[ja:Certbot: Ikoula DNSチャレンジ]] | ||
+ | <span data-link_translate_zh_title="Certbot:Ikoula DNS挑战" data-link_translate_zh_url="Certbot:Ikoula DNS挑战"></span>[[:zh:Certbot:Ikoula DNS挑战]][[zh:Certbot:Ikoula DNS挑战]] | ||
+ | <span data-link_translate_de_title="Certbot: Ikoula DNS Herausforderung" data-link_translate_de_url="Certbot: Ikoula DNS Herausforderung"></span>[[:de:Certbot: Ikoula DNS Herausforderung]][[de:Certbot: Ikoula DNS Herausforderung]] | ||
<span data-link_translate_nl_title="Certbot: Ikoula DNS uitdaging" data-link_translate_nl_url="Certbot: Ikoula DNS uitdaging"></span>[[:nl:Certbot: Ikoula DNS uitdaging]][[nl:Certbot: Ikoula DNS uitdaging]] | <span data-link_translate_nl_title="Certbot: Ikoula DNS uitdaging" data-link_translate_nl_url="Certbot: Ikoula DNS uitdaging"></span>[[:nl:Certbot: Ikoula DNS uitdaging]][[nl:Certbot: Ikoula DNS uitdaging]] | ||
<span data-link_translate_it_title="Certbot: sfida Ikoula DNS" data-link_translate_it_url="Certbot: sfida Ikoula DNS"></span>[[:it:Certbot: sfida Ikoula DNS]][[it:Certbot: sfida Ikoula DNS]] | <span data-link_translate_it_title="Certbot: sfida Ikoula DNS" data-link_translate_it_url="Certbot: sfida Ikoula DNS"></span>[[:it:Certbot: sfida Ikoula DNS]][[it:Certbot: sfida Ikoula DNS]] | ||
Line 5: | Line 11: | ||
<span data-link_translate_fr_title="Certbot: Challenge DNS Ikoula" data-link_translate_fr_url="Certbot: Challenge DNS Ikoula"></span>[[:fr:Certbot: Challenge DNS Ikoula]][[fr:Certbot: Challenge DNS Ikoula]] | <span data-link_translate_fr_title="Certbot: Challenge DNS Ikoula" data-link_translate_fr_url="Certbot: Challenge DNS Ikoula"></span>[[:fr:Certbot: Challenge DNS Ikoula]][[fr:Certbot: Challenge DNS Ikoula]] | ||
<br />This article has been created by an automatic translation software. You can view the article source [[:fr:Array|here]].<br /><span data-translate="fr"></span><br /> | <br />This article has been created by an automatic translation software. You can view the article source [[:fr:Array|here]].<br /><span data-translate="fr"></span><br /> | ||
+ | |||
{{#seo: | {{#seo: | ||
− | |title= | + | |title=Certbot: Ikoula DNS Challenge |
|title_mode=append | |title_mode=append | ||
|keywords=these,are,your,keywords | |keywords=these,are,your,keywords | ||
− | |description=DNS Challenge | + | |description=Certbot: Ikoula DNS Challenge |
|image=Uploaded_file.png | |image=Uploaded_file.png | ||
|image_alt=Wiki Logo | |image_alt=Wiki Logo | ||
}} | }} | ||
+ | |||
==Introduction== | ==Introduction== | ||
Several challenges or authentication methods are available to request the generation of a Let's Encrypt certificate. Unlike the '''{{Template:Certificat SSL}}''' certificates from Ikoula, these free certificates expire quickly. Therefore, it is necessary to automate their renewal. | Several challenges or authentication methods are available to request the generation of a Let's Encrypt certificate. Unlike the '''{{Template:Certificat SSL}}''' certificates from Ikoula, these free certificates expire quickly. Therefore, it is necessary to automate their renewal. |
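Review bot: in the {{#seo:}} block, title and description are now set, but keywords=these,are,your,keywords, image=Uploaded_file.png and image_alt=Wiki Logo still look like placeholder values. Either give them real values for this page or drop the parameters. The new description is also identical to the title; a one-sentence summary of what the page covers would be more useful there.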
Latest revision as of 17:21, 1 October 2021
This article has been created by an automatic translation software. You can view the article source here.
Introduction
Several challenges, or authentication methods, are available to request the generation of a Let's Encrypt certificate. Unlike the SSL certificates from Ikoula, these free certificates expire quickly. Therefore, it is necessary to automate their renewal. The DNS challenge allows you to request wildcard certificates. A DNS record with a key must therefore be created during the process of obtaining or renewing the certificate.
Prerequisites
The system on which the SSL certificate is generated must have certbot and some basic dependencies installed. Here are the necessary packages:
- certbot
- curl
- jq
You also need a client interface user/contact with permission to modify the DNS zone. We recommend creating a dedicated user with the minimum permissions on the "Domain and Dns - Dns Management Only for Domain" subscription:
- See basic details
- Manage zone: domain.tld
Installation
Installing dependencies on a Debian-based system:
apt update && apt install -y certbot curl jq
Installation of Ikoula scripts for DNS zone management:
bash <(curl -s https://raw.githubusercontent.com/ikoula/certbot-dns/master/install.sh)
The command must be executed again if the password has been changed.
Use
You can then use certbot with your usual options, but the following options are required:
- --manual
- --preferred-challenges=dns
- --manual-auth-hook /usr/local/bin/ikoula-dns-auth.sh
- --manual-cleanup-hook /usr/local/bin/ikoula-dns-cleanup.sh
Here is an example:
certbot certonly --manual -n --preferred-challenges=dns --manual-auth-hook /usr/local/bin/ikoula-dns-auth.sh --manual-cleanup-hook /usr/local/bin/ikoula-dns-cleanup.sh -d '*.domaine.tld' -d domaine.tld --agree-tos -m monadresse@domaine.tld --manual-public-ip-logging-ok
DNS authentication takes time because of DNS propagation. Allow at least 2 minutes per domain.
I recommend testing your settings with --dry-run first. If authentication fails too many times, you will have to wait.
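What the two hooks named above have to do, as an added example (not the Ikoula scripts and not code from this page). certbot passes CERTBOT_DOMAIN and CERTBOT_VALIDATION to both hooks; the "zone" here is a local file, ZONE_FILE, a constructed stand-in for the provider's DNS API, and all function names are hypothetical.

```shell
#!/bin/sh
# Added illustration: NOT the Ikoula hook scripts. ZONE_FILE is a constructed
# stand-in for the DNS provider; one line per record: "<name> TXT <value>".
ZONE_FILE="${ZONE_FILE:-$(mktemp)}"

# TXT record name for a requested name. A leading "*." is stripped, so the
# wildcard and the bare domain map to the same record name.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# Auth hook: APPEND a record, never overwrite. With "-d *.domaine.tld
# -d domaine.tld" two different values live at the same name.
auth_hook() {
    : "${CERTBOT_DOMAIN:?not set}" "${CERTBOT_VALIDATION:?not set}"
    printf '%s TXT %s\n' "$(challenge_name "$CERTBOT_DOMAIN")" \
        "$CERTBOT_VALIDATION" >> "$ZONE_FILE"
}

# Cleanup hook: remove only the record carrying this validation value, so a
# challenge still pending for the other name is left in place.
cleanup_hook() {
    : "${CERTBOT_DOMAIN:?not set}" "${CERTBOT_VALIDATION:?not set}"
    line="$(challenge_name "$CERTBOT_DOMAIN") TXT $CERTBOT_VALIDATION"
    tmp="$(mktemp)"
    # -x whole line, -F fixed string, -- because values may start with "-"
    grep -vxF -- "$line" "$ZONE_FILE" > "$tmp" || true
    mv "$tmp" "$ZONE_FILE"
}

# Number of challenge records currently present for a domain.
count_records() {
    grep -cF -- "$(challenge_name "$1") TXT " "$ZONE_FILE" || true
}
```

After a real run, no _acme-challenge record should remain in the zone; a leftover one means the cleanup hook did not run or did not match.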