External DNS server and LetsEncrypt certificates

crenet

Hello,

If you use remote DNS solutions for domains hosted in DirectAdmin you should think of syncing changes from DirectAdmin server to your remote DNS servers. And it's required only for wildcard certificates from Let's Encrypt, regular certificates can be verified over HTTP/HTTPS.
 
The wildcard option needs you to have a DNS verification method; if you are using external DNS, just use the http/https verification method :D
 
Hello,

If you use remote DNS solutions for domains hosted in DirectAdmin you should think of syncing changes from DirectAdmin server to your remote DNS servers. And it's required only for wildcard certificates from Let's Encrypt, regular certificates can be verified over HTTP/HTTPS.

Thanks zEitEr and HostinganID for your support,

The setup that I am working on is remote DNS solutions as primary name servers and DA as secondary, so will DA accept zone transfers?
 
Hi zEitEr,

Please take a look at how Plesk does it.

It seems that Plesk will inform the user that he needs to add the TXT record in the external DNS server, so it does not seem to be a LetsEncrypt limitation.

So how do we know which TXT record we should add for the certificate validation?

The message we receive comes with the record that was checked, but by this time the validation has already failed.

Or is the record always this?
_acme-challenge-test.domain.com IN TXT "pre-check"

I think if the script informs us which record will be needed, with a dialog before starting the process, it will give us time to add it and check that the record exists, like Plesk does.

https://talk.plesk.com/threads/lets-encrypt-wildcard-certificate-and-non-local-dns-server.353930/

This note from seqoi:
"Note: If Plesk does not manage the DNS for the domain, the Let’s Encrypt extension cannot add the DNS record automatically. In this case, you will see the following message: “Please add a DNS record with the following parameters”. Add a DNS record with the specified parameters manually. If you are unsure how to do it, ask your DNS hosting provider for assistance."

And the Plesk guide
https://docs.plesk.com/en-US/obsidi...ssltls-certificates-from-let’s-encrypt.79603/

"Whether the Let’s Encrypt extension adds the DNS record automatically or you do it manually, it can take some time before it propagates. We recommend that you check that the DNS record was added before going to the next step. Here is how you can do it:"

Thanks
 
BUMP. If I'm wrong in this topic, sorry, I found it with search.

More possible things with external DNS providers and wildcard letsencrypt

Could this be solved with some other parts and API / scripts as in links provided?


See here for the list of supporting DNS providers.

If so?
And then a how-to in DA?

Maybe then also solve, together with such scripts / APIs, the propagation of the DKIM record to the external DNS provider?

And this TLSA too? https://help.directadmin.com/item.php?id=2093
for all for the mailserver part smtp

Cross link to better find more about https://forum.directadmin.com/threa...tions-if-user-set-on-nodns.58206/#post-305813
 
How is this not fixed yet? We need to be able to set wildcard certificates with an external DNS, just like PLESK.
 
just like PLESK.
Upping a 2 year old topic for this?
First search then comment.

Firstly, that "just like plesk" is incorrect, Plesk doesn't do that on external DNS, from Plesk itself:
Note: If Plesk does not manage the DNS for the domain, the Let’s Encrypt extension cannot add the DNS record automatically. In this case, you will see the following message: “Please add a DNS record with the following parameters”. Add a DNS record with the specified parameters manually. If you are unsure how to do it, ask your DNS hosting provider for assistance.

And for the record, it might be a bit hard to find, because people are using still the old help section instead of the new help section docs.directadmin.com where more info is to be found.

But Directadmin might be the first panel supporting something like this with external DNS.
For external DNS you have to install Lego. No, not the toy.
 
I searched, on Google. Works best.

The DA LEGO function doesn't work on my newly installed setup. So I want to be able to place the DNS txt myself. Just like Plesk allows me to do. It shows me what I need to place and it works.
 
I searched, on Google. Works best.
Well Plesk says no. So that must be a custom solution then.

I don't see any difference with Plesk. DA puts it in their DNS manager and you just have to copy those lines to external DNS as with Plesk.

On the other hand, it might also be a good idea to start a new separate topic for your Lego issue, it might be solved.
(edit: Ah I've just seen that you did after I posted this reply).

Anyway, Lego -is- a DA solution for external DNS and DA was (as far as I know) the first doing it this way.
 
Hi all,

For the ones who are googling this issue and are in need of a workaround, these are the steps to work around this issue.

1. Generate a wildcard certificate in DirectAdmin
2. Go to the DNS records of this particular domain
3. Refresh the page until you will see the TXT record with the acme challenge value
[Screenshot: TXT record with the acme challenge value]

4. Go as quickly as you can to your DNS management console where your NS is actually hosted and add the challenge value to the TXT record.

Take a break, get yourself a coffee and wait in the message center until you see the message:

[Screenshot: message in the message center]
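
The workaround above only succeeds if the TXT value reaches the external nameservers before Let's Encrypt queries them. As an added example (not part of the thread, and not DirectAdmin's or Plesk's code), this script polls every authoritative nameserver for the value copied from the DirectAdmin DNS page. It assumes `dig` is installed, that the domain is the zone apex, and that the record uses the standard ACME DNS-01 name `_acme-challenge.<domain>`.

```shell
#!/bin/sh
# Added example: verify that an ACME DNS-01 TXT value is served by every
# authoritative nameserver of an externally hosted zone.
# Usage: ./check-challenge.sh example.com '<TXT value from DirectAdmin>'

# Print the TXT strings for name $1 as served by nameserver $2,
# one per line, with the surrounding quotes removed.
txt_values() {
  dig +short +norecurse TXT "$1" "@$2" | sed 's/^"//; s/"$//'
}

# Print the nameservers delegated for zone $1 (trailing dot removed).
zone_nameservers() {
  dig +short NS "$1" | sed 's/\.$//'
}

# challenge_published ZONE TOKEN
# Succeeds only if every nameserver of ZONE serves TOKEN at
# _acme-challenge.ZONE. Extra TXT values at that name are tolerated, since
# a wildcard plus base-domain order places two values there.
challenge_published() (
  zone=$1; token=$2; name="_acme-challenge.$zone"; seen=0; missing=0
  for ns in $(zone_nameservers "$zone"); do
    seen=1
    if txt_values "$name" "$ns" | grep -Fxq -- "$token"; then
      echo "ok       $ns"
    else
      echo "missing  $ns"
      missing=1
    fi
  done
  # No NS answer at all counts as failure, not as success.
  [ "$seen" -eq 1 ] && [ "$missing" -eq 0 ]
)

# wait_for_challenge ZONE TOKEN [TRIES] [DELAY_SECONDS]
# Polls until the value is visible everywhere or the tries run out.
wait_for_challenge() (
  tries=${3:-30}; delay=${4:-10}; i=1
  while [ "$i" -le "$tries" ]; do
    challenge_published "$1" "$2" && return 0
    sleep "$delay"
    i=$((i + 1))
  done
  return 1
)

if [ "$#" -ge 2 ]; then wait_for_challenge "$@"; fi
```

A non-zero exit means at least one nameserver still lacks the value, which is the state in which the validation described in the thread fails.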
 