LetsEncrypt 2.0 with 70+ dnsproviders, ready for testing

DirectAdmin Support

Hi guys,

If you wish to test out the 70+ "dns providers", just update Let's Encrypt to 2.0 using CustomBuild script.
This is currently only at the User Level, where, when creating the cert, once the "wildcard" option is selected, a new field (below) will appear, defaulting to "Dns Provider = Local".
This requires the latest pre-release binaries plus letsencrypt.sh 2.0, and we'll be adding fixes/improvements as we go.

You can then pick a new dns provider, say "CloudFlare" and enter your user/key + extra bits, as needed, specified by that provider.
Once used, and you trigger the request, the envs are added and the new letsencrypt.sh should pick that up and use it instead of the local dns box.

Feature is listed here, so look for any changes, which can happen if we need to alter the design:

It can also inherit reseller-defined DNS provider or a global one for all the domains.

Thanks and happy testing!
John
 
I check via CLI "openssl version"
OpenSSL 1.0.2k-fips 26 Jan 2017
Should I update it manually?
I am using VPS
And now check rpm -q --last openssl to see when it was updated :) I bet it is not 2017.

 
@smtalk
I just checked with the command
"openssl-1.0.2k-19.e17.x86_64 sun may 24 13:01:39 2020"
Yes, 2020 version, so my current version is too old, 3 years ago.

How to do it, sir?

Regards Sir
 
I'm trying hard to follow the instructions on how to activate this... Only I use Cloudflare, so I thought I'd test it as I'd love a wildcard certificate.

It's the dnsproviders.conf I'm having trouble understanding. What do I put in them?
 
So, to test this, we need to use Evolution? Or what? Will it make it to Enhanced for the final release?

Some of us hate Evolution skin, believe it or not.
 
At this time openssl is managed by OS. Is there a reason you need some other version?
A feature needed in DA related to Let's Encrypt:
the ability to set the number of times to renew an SSL cert; if it fails after X times, it disables its auto-renew.
Some people have domains moved away, etc., and those emails from DA about it drive me crazy >:
 
With the addition of the following variables, wildcard certs are perfectly requested and renewed because the system has more time to validate DNS records of slow-propagating external DNS providers.

export EXEC_PROPAGATION_TIMEOUT=900
export EXEC_POLLING_INTERVAL=120
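
Why the two values in the post above help with slow external DNS, as an added example that is not part of the original thread and is not DirectAdmin's or letsencrypt.sh's code: a DNS-01 wait loop polls for the `_acme-challenge` TXT record every interval until the timeout runs out. Only the two variable names and the 900/120 values come from the thread; the function names, the simulated provider, its 300-second delay and the short 60/5 fallback values are constructed assumptions.

```python
def settings_from_env(env):
    # Variable names are the ones quoted in the thread; the fallbacks are
    # constructed for this example and are not the tool's real defaults.
    return (int(env.get("EXEC_PROPAGATION_TIMEOUT", 60)),
            int(env.get("EXEC_POLLING_INTERVAL", 5)))

def wait_for_txt(fqdn, expected, lookup, timeout, interval, clock, sleep):
    """Poll lookup(fqdn) until `expected` is published or `timeout` seconds pass.
    Returns (found, elapsed_seconds, attempts)."""
    start = clock()
    attempts = 0
    while True:
        attempts += 1
        if expected in lookup(fqdn):
            return True, clock() - start, attempts
        # Give up if the next poll would land past the deadline.
        if clock() - start + interval > timeout:
            return False, clock() - start, attempts
        sleep(interval)

class FakeClock:
    """Simulated time so the example runs instantly and offline."""
    def __init__(self):
        self.now = 0
    def time(self):
        return self.now
    def sleep(self, seconds):
        self.now += seconds

def simulate(visible_after, env):
    """Constructed provider: the TXT record becomes visible `visible_after`
    seconds after the API call that created it."""
    clock = FakeClock()
    token = "constructed-challenge-token"
    def lookup(_fqdn):
        return [token] if clock.time() >= visible_after else []
    timeout, interval = settings_from_env(env)
    return wait_for_txt("_acme-challenge.example.com", token, lookup,
                        timeout, interval, clock.time, clock.sleep)

if __name__ == "__main__":
    tuned = {"EXEC_PROPAGATION_TIMEOUT": "900", "EXEC_POLLING_INTERVAL": "120"}
    print("short window :", simulate(300, {}))     # gives up before the record appears
    print("thread values:", simulate(300, tuned))  # record seen on a later poll
```

A longer timeout only extends how long the client waits before asking the CA to validate; the CA still performs its own lookup of the TXT record.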
 