Let's Encrypt Support

 

Support for automating Let's Encrypt SSL Certificates

 

Joker.com provides a simple tool to automate the usage of Let's Encrypt certificates.

N.B.: We will support this solution also with our new name service, and the new API which is underway.

 

Using this tool, you can request certificates from Let's Encrypt without exposing the domain over HTTP through a running web server, and without adding special configuration to existing web services.

Instead, the Let's Encrypt method used is 'dns-01', where a special TXT record must be inserted into your domain to request a certificate. Please note that this domain must be using the free Joker.com name service (which is the default).

 

Setting a TXT record is fairly straightforward:

  1. Please log in at Joker.com, visit 'My Domains', find the domain you want to add a Let's Encrypt certificate for, and choose "DNS" in the menu.
  2. On the top right, you will find the setting for 'Dynamic DNS'. If it is not already active, please activate it. It will not affect any other existing DNS records of this domain.
  3. Please take note of the credentials which are now shown as 'Dynamic DNS Authentication', consisting of a 'username' and a 'password'.
  4. This is all you have to do here, and only once per domain.

 

The following explains the technical details - you may skip this and simply use the attached files which you find below. They do work with the commonly used tool dehydrated. Where to place these files, and how to configure your domains or host names, is documented in the file 'config.sh'.

 

For use with certbot, GitHub user dhull kindly provides another solution:

 

GitHub: https://github.com/dhull/certbot-dns-joker

PyPI: https://pypi.org/project/certbot-dns-joker/

 

It can be installed with "pip install certbot-dns-joker"; see the GitHub page above for details.

 


 

To set a TXT record, you may now do this using a single cURL request:

 

curl -X POST https://svc.joker.com/nic/replace -d \
'username=your-username&password=your-password&zone=your-domain.com&label=_acme-challenge&type=TXT&value=the-TXT-content-to-insert'

 

This will create a TXT record for "_acme-challenge" in zone "your-domain.com".
It responds with 200 and "OK: n# inserted, n# deleted" if everything went OK, and appropriate status and text if not.

Some additional notes regarding this:

  • only POST method is supported
  • only type=TXT is supported (and must be provided) for now
  • "label" could be anything within the zone (including "@" and "*")
  • this request will replace all TXT records for the specified label with the provided content
  • "value" must be printable ASCII only, without double quotes
  • if "value" is empty ("value="), all existing records for specified label are deleted
  • multiple TXT records with the same label can be added by using multiple "value" parameters in the URL
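
The replace-all behaviour noted above matters when one certificate needs two tokens at the same label (for example a domain plus its wildcard), so the sketch below sends every value in a single request and keeps the password out of the process list. It is an added example, not the attached hook.sh or other Joker.com code; the function names and the JOKER_DDNS_USER / JOKER_DDNS_PASS variables are assumptions.

```shell
#!/bin/sh
# Added example, not Joker.com's hook.sh. JOKER_DDNS_USER / JOKER_DDNS_PASS are
# assumed variable names for the 'Dynamic DNS Authentication' credentials.
JOKER_URL='https://svc.joker.com/nic/replace'

# The API takes printable ASCII without double quotes. Also refuse the empty
# string here, because "value=" deletes every TXT record at the label.
joker_valid_value() {
    [ -n "$1" ] || return 1
    case $1 in *\"*) return 1 ;; esac
    left=$(printf '%s' "$1" | LC_ALL=C tr -d '\040-\176' | wc -c)
    [ "$left" -eq 0 ]
}

# One curl config line; backslash and double quote are escaped as curl's
# config syntax requires, and curl URL-encodes the part after "name=".
joker_field() {
    printf 'data-urlencode = "%s=%s"\n' "$1" \
        "$(printf '%s' "$2" | sed 's/[\\"]/\\&/g')"
}

# Args: zone, label, then every TXT value wanted at that label. They go into
# one request: a second call would replace the first call's record.
joker_request_config() {
    [ "$#" -ge 3 ] || { echo 'usage: zone label value...' >&2; return 1; }
    zone=$1 label=$2; shift 2
    for v in "$@"; do
        joker_valid_value "$v" || { echo 'rejected TXT value' >&2; return 1; }
    done
    joker_field username "$JOKER_DDNS_USER"
    joker_field password "$JOKER_DDNS_PASS"
    joker_field zone "$zone"
    joker_field label "$label"
    joker_field type TXT
    for v in "$@"; do joker_field value "$v"; done
}

# Credentials reach curl on stdin (-K -), so they never appear in argv.
# Success is the "OK:" reply text the page documents.
joker_deploy() {
    cfg=$(joker_request_config "$@") || return 1
    reply=$(printf '%s\n' "$cfg" | curl -sS -K - "$JOKER_URL") || return 1
    case $reply in
        OK:*) return 0 ;;
        *) echo "Joker.com API: $reply" >&2; return 1 ;;
    esac
}
```

Call it as joker_deploy your-domain.com _acme-challenge "$token1" "$token2" with both variables exported from a file only the ACME client's user can read.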

 

 

 

attached files: hook.sh, config.sh

Tags: DNS, Domain-Modification
