Letsencrypt Looks like letsencrypt dns-01 is ready ..

Discussion in 'Domains, DNS, Email & SSL Certificates' started by ModeltogTossen, Jan 24, 2016.

  1. ModeltogTossen

    ModeltogTossen I wish I could??

    313
    97
    28
    Dec 20, 2015
    Denmark
    Ratings:
    +143
    Local Time:
    9:10 AM
    1.9.12
    10.0.23
  2. eva2000

    eva2000 Administrator Staff Member

    53,567
    12,136
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,679
    Local Time:
    5:10 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yes only their production ACME server side.. their official letsencrypt client unfortunately isn't ready AFAIK :(

    funny though, several 3rd party Letsencrypt clients already beat the official client to release dns-01 support !
     
  3. ModeltogTossen

    Yeah - I did read that. Letsencrypt will be there soon - I hope.. I for one have been waiting for that info about dns-1. Now I hope the waiting time is short to get the client.
     
  4. eva2000

  5. eva2000

    Note there are currently issues with certain DNS providers though which they need to sort out: DNS Challange failed sanity check - Issuance Tech - Let's Encrypt Community Support

    and from Fix dns01 authority check by r0ro · Pull Request #1398 · letsencrypt/boulder · GitHub
    and DNS challenge sanity check fails on empty authority · Issue #1391 · letsencrypt/boulder · GitHub
     
  6. ModeltogTossen

    For us with our own DNS server, that should not give any issues? - I have not tested it yet on my end. I mean - if you have your own, then you will give back the authority section requested, right?
     
  7. ModeltogTossen

    @eva2000 - Have you seen this client - lukas2511/letsencrypt.sh: letsencrypt/acme ... - GitHub

    He wrote:

     
  8. eva2000

    yeah in theory it should
     
  9. eva2000

    Yeah seen that was keeping an eye. The whole reason I want to stick with official letsencrypt client as I was expecting development, features will usually come first in official client and any updates, bug fixes will be first there too. But seems official client is lagging behind.

    With that said, once official client has dns-01 support, any major changes to how it works should in theory be first available in official client. But really sure that would be the case. Right now Centmin Mod integration will still use the official letsencrypt client though.
     
  10. ModeltogTossen

    No - My intention was not to make you change client in LEx branch - it was more to give you the technical explanation on how it could be done with dns-1.. I did post because you asked for documentation on the letsencrypt community..
     
  11. eva2000

    cheers.. yeah another 3rd party client I am keeping an eye on is Neilpang/le: Simplest shell script for LetsEncrypt free Certificate client which also has dns-01 support :)
     
  12. ModeltogTossen

    What a nice job Neilpang has done - look at this - how easy can it be?? :cool:

    Code:
    You will get the output like bellow:
    
    Add the following txt record:
    Domain:_acme-challenge.aa.com
    Txt value:9ihDbjYfTExAYeDs4DBUeuTo18KBzwvTEjUnSwd32-c
    
    Add the following txt record:
    Domain:_acme-challenge.www.aa.com
    Txt value:9ihDbjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    
    although I would like it to be fully automatic .. :D
     
  13. eva2000

    Well fully automatic can only happen if your DNS provider has an API you can connect to, i.e. Cloudflare, DNSMadeEasy and I believe Amazon Route53 have APIs. I will be testing on Cloudflare DNS API myself :)
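
How the 43-character `Txt value` in the client output quoted above is derived, and how to confirm the record is published before asking the CA to validate. This is an added example, not part of the thread and not code from any client mentioned in it. It follows the dns-01 definition in RFC 8555 section 8.4 and the JWK thumbprint of RFC 7638; the account key, token and function names are constructed for illustration.

```python
import base64
import hashlib
import json

# JWK members that enter the RFC 7638 thumbprint, per key type.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

# Constructed sample data: not a real account key or CA-issued token.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus", "kid": "x"}
SAMPLE_TOKEN = "constructed-token-from-the-ca"


def b64url(data):
    """Base64url without '=' padding, the encoding ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk):
    """SHA-256 over the required members only, sorted, no whitespace."""
    members = {k: jwk[k] for k in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_record(domain, token, account_jwk):
    """Return (record name, TXT value) for one dns-01 challenge."""
    key_authorization = token + "." + jwk_thumbprint(account_jwk)
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return "_acme-challenge." + domain.rstrip("."), b64url(digest)


def txt_published(expected, answers):
    """True if any TXT answer (presentation format) carries the expected value.

    Resolvers print TXT data quoted and may split it into several quoted
    chunks; the chunks are concatenated before comparing.
    """
    for answer in answers:
        chunks = answer.split('"')[1::2] if '"' in answer else [answer.strip()]
        if "".join(chunks) == expected:
            return True
    return False


if __name__ == "__main__":
    name, value = dns01_record("aa.com", SAMPLE_TOKEN, SAMPLE_JWK)
    print(name, "TXT", value)
    # Constructed resolver answers: one stale record, one current.
    print(txt_published(value, ['"stale-value"', '"%s"' % value]))
```

Because the value is bound to both the token and the account key, a TXT record left over from an earlier order or a different account will not match and should be treated as stale.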