Let's Encrypt - Dinahosting
Let's Encrypt validation hook for Dinahosting DNS.
- Active domain registered with Dinahosting
- Valid Dinahosting API credentials
- Linux OS
- Certbot
- CURL
- jq
Installation of dependencies on Ubuntu/Debian:
apt-get update
apt-get install certbot curl jq git
- Register for Dinahosting API access on this URL
- Use your control panel user and password as the API credentials
Run the following commands to download the scripts into a folder that only root can read, and make them executable:
git clone https://github.com/daniol/dinahosting-letsencrypt.git
chmod +x dinahosting-letsencrypt/*.sh
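The scripts folder holds the control panel credentials, so it is worth checking that it really is closed to everyone but root. The following is an added example, not part of the dinahosting-letsencrypt project; the helper name `check_hook_perms` and its optional UID argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the directory that holds dinahosting_vars.sh
# (API_USER / API_PASS). Relies on GNU stat, as found on Linux.

# check_hook_perms DIR [UID]  (hypothetical helper, not part of the project)
# Returns 0 when DIR and every *.sh in it belong to UID (default 0, root)
# and grant nothing to group or other; 1 on a finding; 2 if DIR is missing.
check_hook_perms() {
    dir=$1
    want_uid=${2:-0}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory" >&2
        return 2
    fi

    for path in "$dir" "$dir"/*.sh; do
        [ -e "$path" ] || continue          # unmatched glob stays literal
        if [ -L "$path" ]; then
            echo "FAIL: $path is a symlink" >&2
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$path")
        uid=$(stat -c '%u' "$path")
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL: $path owned by uid $uid, expected $want_uid" >&2
            rc=1
        fi
        # Last two octal digits are the group and other permission bits.
        case $mode in
            *00|0) ;;
            *) echo "FAIL: $path mode $mode is open to group/other" >&2
               rc=1 ;;
        esac
    done

    if [ ! -f "$dir/dinahosting_vars.sh" ]; then
        echo "FAIL: $dir/dinahosting_vars.sh not found" >&2
        rc=1
    fi
    return "$rc"
}
```

Call it as `check_hook_perms /root/dinahosting-letsencrypt`; running `chmod -R go-rwx` on the folder as root clears the mode findings while keeping the scripts executable for root.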
Edit the file dinahosting_vars.sh and set the API credentials:
- API_USER is the user name you use to log in to the customer panel.
- API_PASS is the password to the customer panel.
The following example creates a certificate for example.com and all subdomains (*.example.com). Don't forget to write the full path to the manual-auth-hook and manual-cleanup-hook scripts.
certbot certonly --manual -d '*.example.com' -d example.com \
--agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 \
--server https://acme-v02.api.letsencrypt.org/directory \
--manual-auth-hook /root/dinahosting-letsencrypt/dinahosting_auth.sh \
--manual-cleanup-hook /root/dinahosting-letsencrypt/dinahosting_cleanup.sh
Add the following in the virtualhost configuration file (between <VirtualHost> and </VirtualHost>):
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Add a cron task that runs certbot renew once a week, for example:
0 0 * * 0 certbot renew --quiet --agree-tos --post-hook "service apache2 reload" >/dev/null 2>&1
When the certificate needs to be renewed, the script waits 6 minutes to make sure the DNS changes fully propagate through the DNS servers and the DNS cache of Let's Encrypt expires (the default TTL for TXT entries in Dinahosting is 5 minutes).