External DNS server and LetsEncrypt certificates

crenet

Verified User
Joined
Sep 23, 2019
Messages
92

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
Hello,

If you use remote DNS solutions for domains hosted in DirectAdmin you should think of syncing changes from DirectAdmin server to your remote DNS servers. And it's required only for wildcard certificates from Let's Encrypt, regular certificates can be verified over HTTP/HTTPS.
 

HostinganID

Verified User
Joined
May 5, 2016
Messages
28
Location
Indonesia
The wildcard option needs you to have a DNS verification method; if you are using external DNS, just use the http/https verification method :D
 

crenet

> Hello,
>
> If you use remote DNS solutions for domains hosted in DirectAdmin you should think of syncing changes from DirectAdmin server to your remote DNS servers. And it's required only for wildcard certificates from Let's Encrypt, regular certificates can be verified over HTTP/HTTPS.

Thanks zEitEr and HostinganID for your support,

The setup that I am working on is remote DNS solutions as primary name servers and DA as secondary, so will DA accept zone transfers?
 

crenet

Hi zEitEr,

Please take a look at how Plesk does it.

It seems that Plesk will inform the user that he needs to add the TXT record in the external DNS server, so it does not seem to be a LetsEncrypt limitation.

So how do we know which TXT record we should add for the certificate validation?

The message we receive comes with the record that was checked, but at this time the validation had already failed.

Or is the record always this?
_acme-challenge-test.domain.com IN TXT "pre-check"

I think if the script informs us which record will be needed, with a dialog before starting the process, it will give us time to add it and check that the record exists, like Plesk does.

https://talk.plesk.com/threads/lets-encrypt-wildcard-certificate-and-non-local-dns-server.353930/

This note from seqoi:
"Note: If Plesk does not manage the DNS for the domain, the Let’s Encrypt extension cannot add the DNS record automatically. In this case, you will see the following message: “Please add a DNS record with the following parameters”. Add a DNS record with the specified parameters manually. If you are unsure how to do it, ask your DNS hosting provider for assistance."

And the Plesk guide
https://docs.plesk.com/en-US/obsidian/administrator-guide/website-management/websites-and-domains/advanced-website-security/securing-connections-with-ssltls-certificates/getting-free-wildcard-ssltls-certificates-from-let’s-encrypt.79603/

"Whether the Let’s Encrypt extension adds the DNS record automatically or you do it manually, it can take some time before it propagates. We recommend that you check that the DNS record was added before going to the next step. Here is how you can do it:"

Thanks
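
Added example, not from the thread and not DirectAdmin's or Plesk's code: RFC 8555 section 8.4 defines the dns-01 TXT record, so its name and value can be computed and checked against the external DNS before validation runs. The token and account-key thumbprint are constructed placeholders (a real ACME client supplies both), and the DNS answers are embedded sample text rather than live lookups.

```python
import base64
import hashlib
import shlex

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def challenge_record(identifier: str, token: str, thumbprint: str):
    """Return (owner name, TXT value) for a dns-01 challenge (RFC 8555, 8.4)."""
    # A wildcard is validated at its base domain: *.domain.com -> domain.com
    base = identifier[2:] if identifier.startswith("*.") else identifier
    key_authorization = f"{token}.{thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return f"_acme-challenge.{base.rstrip('.').lower()}", b64url(digest)

def txt_values(answer: str, owner: str):
    """TXT values published for `owner` in zone-file or dig-style answer lines."""
    want = owner.rstrip(".").lower()
    values = []
    for line in answer.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and comments
        fields = shlex.split(line)  # honours the quoting around TXT strings
        if "TXT" not in fields or fields[0].rstrip(".").lower() != want:
            continue
        # Several quoted strings in one TXT record are concatenated
        values.append("".join(fields[fields.index("TXT") + 1:]))
    return values

def is_published(answer: str, owner: str, value: str) -> bool:
    """True when the exact challenge value is present at the owner name."""
    return value in txt_values(answer, owner)

# Constructed placeholders; a real ACME client provides the token and thumbprint.
TOKEN = "constructed-token-0123456789"
THUMBPRINT = "constructed-account-key-thumbprint"
NAME, VALUE = challenge_record("*.domain.com", TOKEN, THUMBPRINT)

# Constructed answers: the record quoted in the post, then with the challenge added.
BEFORE = '_acme-challenge-test.domain.com IN TXT "pre-check"\n'
AFTER = BEFORE + f'{NAME}. 300 IN TXT "{VALUE}"\n'

if __name__ == "__main__":
    print(f'{NAME}. IN TXT "{VALUE}"')
    print("before adding the record:", is_published(BEFORE, NAME, VALUE))
    print("after adding the record: ", is_published(AFTER, NAME, VALUE))
```

The value changes with every new challenge token, so a record left over from an earlier attempt will not satisfy a later one.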