AutoSSL's Let's Encrypt Challenge for Externally Hosted DNS
I host my DNS at Cloudflare. When I run AutoSSL on my domain, I get no wildcard coverage, just domain and currently created subdomains (ServerAliases) are covered. Even some of the subdomains I have are missing in the cert.
Let's Encrypt uses HTTP-01 and DNS-01 challenges for validation. Only DNS-01 supports wildcards. I presume since my DNS is hosted outside of cPanel, AutoSSL has no means of using DNS-01 at my external provider, so it reverts to using the HTTP-01 challenge. Is this correct?
I'm just asking if this is as good as it gets with AutoSSL for my specific setup? I'm trying my best to accomplish things with AutoSSL before I revert to using a certbot for Let's Encrypt installation.
You are absolutely correct. CF had a cPanel plugin but that was deprecated unfortunately.
Andrew N. - cPanel Plesk VMWare Certified Professional
Do you need immediate assistance? 20 minutes response time!*
EmergencySupport - Professional Server Management and One-time Services
Are there any of you who used a certbot to successfully install Let's Encrypt that cPanel can internally use?
I'm pretty sure it is possible but you would need to make sure after each renewal the services are being restarted so some manual scripting is needed at least.
Andrew N. - cPanel Plesk VMWare Certified Professional
What services exactly and how would that look, I mean that automation through scripting?
If you go to WHM and choose "Manage Service SSL Certificates" you will see what services are using the hostname SSL certificates. These are the services which need to be restarted/reloaded once the certificate is renewed. You can use the "--deploy-hook" option with certbot to run additional scripts upon renewal.
https://community.letsencrypt.org/t/service-restart-after-cert-renew/63270
I think the easiest way though would be just to get a paid SSL cert for the hostname which costs a couple of bucks only and you don't have to mess with scripting and custom setups.
Andrew N. - cPanel Plesk VMWare Certified Professional
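The `--deploy-hook` approach from the answer above, as an added example that is not part of the original thread and is not cPanel's or certbot's own code: a hook that checks the renewed certificate files before reloading anything. The reload commands are placeholders for the services listed in WHM, and `REQUIRED_NAME` is a hypothetical setting introduced here.

```shell
#!/bin/sh
# Added example of a certbot --deploy-hook script. certbot exports
# RENEWED_LINEAGE (live directory) and RENEWED_DOMAINS (space-separated names).

# Assumption: one reload command per line. Replace the placeholders with the
# commands for the services shown in WHM "Manage Service SSL Certificates".
RELOAD_CMDS="${RELOAD_CMDS:-echo placeholder-reload-service-a
echo placeholder-reload-service-b}"

# Pass only if chain and key exist, are non-empty, and the key has no
# group/other permission bits.
lineage_ok() {
    [ -s "$1/fullchain.pem" ] || { echo "no fullchain.pem in $1" >&2; return 1; }
    [ -s "$1/privkey.pem" ] || { echo "no privkey.pem in $1" >&2; return 1; }
    mode=$(ls -lL "$1/privkey.pem" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "privkey.pem mode too open" >&2; return 1; }
}

# True if RENEWED_DOMAINS lists the exact name $1, e.g. "*.example.com".
covers() {
    set -f                      # do not glob-expand "*.example.com"
    found=1
    for d in $RENEWED_DOMAINS; do
        if [ "$d" = "$1" ]; then found=0; fi
    done
    set +f
    return "$found"
}

deploy_hook() {
    lineage_ok "$RENEWED_LINEAGE" || return 1
    # REQUIRED_NAME is a hypothetical knob: refuse to reload if it is not covered.
    if [ -n "${REQUIRED_NAME:-}" ] && ! covers "$REQUIRED_NAME"; then
        echo "renewed cert does not cover $REQUIRED_NAME" >&2; return 1
    fi
    failed=0
    while IFS= read -r cmd; do
        [ -n "$cmd" ] || continue
        sh -c "$cmd" </dev/null || { echo "reload failed: $cmd" >&2; failed=1; }
    done <<EOF
$RELOAD_CMDS
EOF
    return "$failed"
}

# Run only when certbot invoked us (it sets RENEWED_LINEAGE).
if [ -n "${RENEWED_LINEAGE:-}" ]; then deploy_hook; fi
```

The hook exits non-zero when a check or a reload fails, so a bad renewal shows up in certbot's output instead of passing silently.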
But I'm not talking about the hostname SSL certificate. cPanel automatically issues its CA cert for my hostname. I was talking about SSL certs for my domains.