Certbot-Name.com DNS Challenge Hooks
For TLS certificates from Certbot, I prefer the DNS challenge over the HTTP challenge. It is a lot easier to automate, and it keeps the certificate renewal details, mechanisms and credentials off the load balancer and application servers.
I also have domains registered with Name.com, and for some of them the DNS records live there as well.
So how do you use Certbot's DNS challenge with domains whose DNS is hosted at Name.com?
The cool thing about Certbot is that you can combine the --manual flag with --preferred-challenges dns and provide your own hook scripts. You need just two: an auth hook and a cleanup hook.
The auth hook is called once per domain and is expected to create a TXT record named _acme-challenge.<domain> containing the validation token that Certbot passes in the CERTBOT_VALIDATION environment variable (the domain itself arrives in CERTBOT_DOMAIN). Let's Encrypt then looks up that record to validate the certificate request.
The cleanup hook is called after validation and is expected to remove that TXT record again.
The Certbot command would look something like this:
export NAME_DOMAIN=example.com
export NAME_USERNAME=...
export NAME_API_TOKEN=...
certbot -v certonly --manual --preferred-challenges dns \
  --manual-auth-hook ./name-auth.sh --manual-cleanup-hook ./name-cleanup.sh \
  -d "$NAME_DOMAIN"
The variables are exported separately rather than written as prefixes on the certbot command line, because a prefix assignment such as NAME_DOMAIN=example.com certbot ... -d $NAME_DOMAIN would expand $NAME_DOMAIN before the assignment takes effect and leave -d empty. Make sure NAME_USERNAME and NAME_API_TOKEN are set; you can get an API token from Name.com by following its "Signing up for API access" guide. Treat the token like a password: it can change any DNS record on the account, so keep it in a root-only file rather than in shell history.
Here are the two shell scripts that we will use for the two hooks:
name-auth.sh
name-cleanup.sh
You will need curl and jq as dependencies for these scripts.
Save the two scripts in the directory from which you run certbot and make them executable (chmod +x). Certbot looks the hook commands up on PATH unless you give it a path, which is why the command above uses ./name-auth.sh; if you want certbot renew to keep working from cron, where the working directory differs, pass absolute paths instead, since Certbot stores the hook commands in the renewal configuration. And that's it.
Certbot can now request TLS certificates for domains hosted on Name.com using the DNS challenge method.
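Here is one way to write such a hook, as an added example rather than the post's own name-auth.sh and name-cleanup.sh: a single script that serves as both hooks, selected by its first argument. It assumes the Name.com v4 REST API as documented by Name.com (POST and GET on /v4/domains/{domain}/records, DELETE on /v4/domains/{domain}/records/{id}, HTTP basic auth with the username and API token); check those against the current API reference before relying on them. The environment variable NAME_DNS_WAIT and the base URL override NAME_API_BASE are my own additions.

```shell
#!/bin/sh
# name-hooks.sh: Certbot manual DNS hooks for Name.com (illustrative example,
# not the original post's scripts). Assumed Name.com v4 API shape:
#   POST   /v4/domains/{domain}/records      -> creates a record, returns {"id": N, ...}
#   GET    /v4/domains/{domain}/records      -> {"records":[{"id":N,"host":..,"type":..,"answer":..}]}
#   DELETE /v4/domains/{domain}/records/{id}
# Invoke from Certbot as:
#   --manual-auth-hook "/path/to/name-hooks.sh auth" --manual-cleanup-hook "/path/to/name-hooks.sh cleanup"
# Environment: NAME_DOMAIN, NAME_USERNAME, NAME_API_TOKEN (set by you);
# CERTBOT_DOMAIN, CERTBOT_VALIDATION, CERTBOT_AUTH_OUTPUT (set by Certbot).
set -eu

NAME_API_BASE=${NAME_API_BASE:-https://api.name.com/v4}   # assumed base URL

# acme_host DOMAIN ZONE: the host part, relative to ZONE, of the
# _acme-challenge TXT record for DOMAIN. Certbot strips the "*." from wildcard
# names before calling the hook, so DOMAIN is always a plain name at or below ZONE.
acme_host() {
  domain=$1; zone=$2
  if [ "$domain" = "$zone" ]; then
    printf '_acme-challenge\n'
    return 0
  fi
  case "$domain" in
    *."$zone") printf '_acme-challenge.%s\n' "${domain%".$zone"}" ;;
    *) printf 'acme_host: %s is not under %s\n' "$domain" "$zone" >&2; return 1 ;;
  esac
}

# txt_body HOST ANSWER: JSON body for the create-record call. HOST is a DNS
# label and ANSWER a base64url token from Certbot, so no JSON escaping is needed.
txt_body() {
  printf '{"host":"%s","type":"TXT","answer":"%s","ttl":300}' "$1" "$2"
}

# api METHOD PATH [DATA]: authenticated call. The credentials are handed to
# curl as a config file on stdin (-K -) so the token never appears in `ps`.
api() {
  method=$1; path=$2; data=${3:-}
  if [ -n "$data" ]; then set -- --data "$data"; else set --; fi
  printf 'user = "%s:%s"\n' "$NAME_USERNAME" "$NAME_API_TOKEN" |
    curl -sS -K - -X "$method" -H 'Content-Type: application/json' \
      "$@" "$NAME_API_BASE$path"
}

do_auth() {
  : "${NAME_DOMAIN:?}" "${NAME_USERNAME:?}" "${NAME_API_TOKEN:?}"
  host=$(acme_host "$CERTBOT_DOMAIN" "$NAME_DOMAIN")
  id=$(api POST "/domains/$NAME_DOMAIN/records" \
         "$(txt_body "$host" "$CERTBOT_VALIDATION")" | jq -r '.id')
  case $id in ''|null) echo "name-hooks: record creation failed" >&2; exit 1 ;; esac
  # Name.com also serves the zone; give the record time to be published before
  # Let's Encrypt queries it. Certbot itself does not wait for propagation.
  sleep "${NAME_DNS_WAIT:-30}"
  # Whatever the auth hook prints reaches the cleanup hook as CERTBOT_AUTH_OUTPUT.
  printf '%s\n' "$id"
}

do_cleanup() {
  : "${NAME_DOMAIN:?}" "${NAME_USERNAME:?}" "${NAME_API_TOKEN:?}"
  id=${CERTBOT_AUTH_OUTPUT:-}
  if [ -z "$id" ]; then
    # No id handed over: locate the record by host and answer rather than
    # deleting anything that merely looks like a challenge record.
    host=$(acme_host "$CERTBOT_DOMAIN" "$NAME_DOMAIN")
    id=$(api GET "/domains/$NAME_DOMAIN/records" |
      jq -r --arg h "$host" --arg a "$CERTBOT_VALIDATION" \
        '.records[] | select(.host == $h and .type == "TXT" and .answer == $a) | .id')
  fi
  for rec in $id; do
    api DELETE "/domains/$NAME_DOMAIN/records/$rec" >/dev/null
  done
}

case "${1:-}" in
  auth) do_auth ;;
  cleanup) do_cleanup ;;
  '') ;;   # no mode given: only define the functions (e.g. when sourced)
  *) printf 'usage: %s auth|cleanup\n' "$0" >&2; exit 2 ;;
esac
```

While the auth hook is sleeping you can check the record yourself with dig TXT _acme-challenge.example.com (substituting your domain); if it is not visible by the time Let's Encrypt queries, raise NAME_DNS_WAIT. Passing the record id from the auth hook to the cleanup hook through CERTBOT_AUTH_OUTPUT means cleanup deletes exactly the record it created, and the lookup fallback only fires when that id is missing.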
This post is 32nd of my #100DaysToOffload challenge. Want to get involved? Find out more at 100daystooffload.com.