LetsEncrypt 2.0 with 70+ dnsproviders, ready for testing

DirectAdmin Support

Administrator
Staff member
Hi guys,

If you wish to test out the 70+ "dns providers", just update Let's Encrypt to 2.0 using CustomBuild script.
This is currently only at the User Level, where, when creating the cert, once the "wildcard" option is selected, a new field (below) will appear, defaulting to "Dns Provider = Local".
This requires the latest pre-release binaries plus letsencrypt.sh 2.0, and we'll be adding fixes/improvements as we go.

You can then pick a new dns provider, say "CloudFlare" and enter your user/key + extra bits, as needed, specified by that provider.
Once used, and you trigger the request, the envs are added and the new letsencrypt.sh should pick that up and use it instead of the local dns box.

Feature is listed here, so look for any changes, which can happen if we need to alter the design:

It can also inherit reseller-defined DNS provider or a global one for all the domains.

Thanks and happy testing!
John
 

smtalk

Administrator
Staff member
I check via CLI "openssl version"
OpenSSL 1.0.2k-fips 26 Jan 2017
Should I update it manually?
I am using a VPS
And now check rpm -q --last openssl to see when it was updated :) I bet it is not 2017.

 

kadek_mentik

Verified User
@smtalk
I just checked with the command
"openssl-1.0.2k-19.e17.x86_64 sun may 24 13:01:39 2020"
Yes, 2020 version, so my current version is too old, 3 years ago.

How to do this, sir?

Regards Sir
 

Peter Laws

Verified User
I'm trying hard to follow the instructions on how to activate this... Only I use Cloudflare, so I thought I'd test it as I'd love a wildcard certificate.

It's the dnsproviders.conf I'm having trouble understanding. What do I put in them?
 

Peter Laws

Verified User
So, to test this, we need to use Evolution? Or what? Will it make it to Enhanced for the final release?

Some of us hate Evolution skin, believe it or not.
 

lolfust1

Verified User
At this time openssl is managed by OS. Is there a reason you need some other version?
A feature needed on DA related to Let's Encrypt:
Able to set the number of times to renew an SSL cert; if it fails after X times, it disables its auto-renew.
Some people have domains moved away, etc., and those emails from DA about it drive me crazy >:
 

WizardX

Verified User
With the addition of the following variables, wildcard certs are perfectly requested and renewed because the system has more time to validate DNS records of slow-propagating external DNS providers.

export EXEC_PROPAGATION_TIMEOUT=900
export EXEC_POLLING_INTERVAL=120
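
What a propagation timeout and polling interval govern, sketched as an added example (not part of the original post, and not DirectAdmin's or letsencrypt.sh's own code): a loop that looks for the dns-01 `_acme-challenge` TXT record every `EXEC_POLLING_INTERVAL` seconds and gives up after `EXEC_PROPAGATION_TIMEOUT` seconds. `lookup_txt`, `LOOKUP_CMD` and `wait_for_txt` are hypothetical names, and the real client's checks may differ.

```shell
#!/bin/sh
# Added illustration: wait for an ACME dns-01 TXT record to become visible.
# Assumption: this only models the wait; it is not the client's real logic.

# Defaults mirror the values from the post above; both are in seconds.
: "${EXEC_PROPAGATION_TIMEOUT:=900}"
: "${EXEC_POLLING_INTERVAL:=120}"

# Hypothetical lookup hook: prints the TXT values for a name, one per line.
# Set LOOKUP_CMD to a command or function to query a specific resolver.
lookup_txt() {
    if [ -n "${LOOKUP_CMD:-}" ]; then
        "$LOOKUP_CMD" "$1"
    else
        dig +short TXT "$1" | tr -d '"'
    fi
}

# wait_for_txt NAME EXPECTED
# Returns 0 once EXPECTED is published at NAME, 1 if the timeout passes first.
wait_for_txt() {
    name=$1 expected=$2 waited=0
    while :; do
        # Exact, fixed-string match so a partial or stale value never passes.
        if lookup_txt "$name" | grep -Fxq -- "$expected"; then
            echo "visible after ${waited}s"
            return 0
        fi
        if [ "$waited" -ge "$EXEC_PROPAGATION_TIMEOUT" ]; then
            echo "timeout after ${waited}s" >&2
            return 1
        fi
        sleep "$EXEC_POLLING_INTERVAL"
        waited=$((waited + EXEC_POLLING_INTERVAL))
    done
}
```

With a provider that takes several minutes to publish the record, a short timeout ends the wait before the record is visible, which is the failure the larger values avoid.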
 