Your new domain: newdomain.com
Your ACME DNS self-host domain: myacmedns.com
Example domain names.
Client
So you've got a domain newdomain.com and you want certificates with a wildcard such as *.newdomain.com.
Let's build our own client:
# directory structure
/docker/acmedns-client/
    build/
        Dockerfile
    docker-build.sh
    docker-run.sh
    acmedns-client.sh
    certbot.sh
Don't forget to chmod +x your *.sh files.
Following scripts to run:
- Build once: ./docker-build.sh. Your Docker image would be harianto/acmedns-client. From this point you can run the Docker image harianto/acmedns-client however you want.
- Register once: ./acmedns-client.sh register -s https://auth.acme-dns.io --dangerous -d newdomain.com
We'll be using https://auth.acme-dns.io for testing, before we create our own server (for example https://auth.myacmedns.com). You can ignore the CAA record for now.
It will prompt like this:
[*] New acme-dns account for domain newdomain.com successfully registered!
Do you want acme-dns-client to monitor the CNAME record change? [Y/n]: n
Domain: 7f1449b3-9371-4b6a-a472-6ab79764dae7.auth.acme-dns.io
To finalize the setup, you need to create a CNAME record pointing from _acme-challenge.newdomain.com
to the newly created acme-dns domain 7f1449b3-9371-4b6a-a472-6ab79764dae7.auth.acme-dns.io
A correctly set up CNAME record should look like the following:
_acme-challenge.newdomain.com. IN CNAME 7f1449b3-9371-4b6a-a472-6ab79764dae7.auth.acme-dns.io.
You have to go to the DNS settings in the control panel for your newdomain.com and add a record:
_acme-challenge.newdomain.com. IN CNAME 7f1449b3-9371-4b6a-a472-6ab79764dae7.auth.acme-dns.io.
That might look like this.
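Added example, not code from the original post: a small check that takes the registration prompt shown above, derives the CNAME record that has to exist, and classifies what a resolver actually returns. The resolver answers in the test are constructed samples so it runs offline; the live_cname() helper (my addition, assuming dig is installed) shows how to feed it a real answer. The most common failure it catches is a target entered without the trailing dot, which many control panels silently turn into a name relative to your zone.

```python
# Added example (not part of the original post): parse the acme-dns-client
# registration output, derive the CNAME record that must exist, and compare it
# with what a resolver returns. Sample answers are constructed; live_cname()
# is an assumed helper that shells out to dig for a real check.
import re
import subprocess
from typing import Optional

# Constructed copy of the registration prompt from this post.
REGISTRATION_OUTPUT = """\
[*] New acme-dns account for domain newdomain.com successfully registered!
Do you want acme-dns-client to monitor the CNAME record change? [Y/n]: n
Domain: 7f1449b3-9371-4b6a-a472-6ab79764dae7.auth.acme-dns.io
To finalize the setup, you need to create a CNAME record pointing from _acme-challenge.newdomain.com
"""


def fqdn(name: str) -> str:
    """Canonical form for comparison: lowercase, exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def expected_cname(registration_output: str) -> tuple:
    """Return (owner, target) for the CNAME the client asked us to create."""
    m_zone = re.search(r"account for domain (\S+) successfully", registration_output)
    m_target = re.search(r"^Domain:\s*(\S+)\s*$", registration_output, re.MULTILINE)
    if not (m_zone and m_target):
        raise ValueError("registration output lacks the domain or the acme-dns subdomain")
    return fqdn("_acme-challenge." + m_zone.group(1)), fqdn(m_target.group(1))


def diagnose(owner: str, expected_target: str, observed_target: Optional[str]) -> str:
    """Classify the resolver's answer: 'ok', 'missing', 'relative' or 'wrong'.

    'relative' is the classic control-panel mistake: the target was entered
    without a trailing dot, so the panel appended your zone to it.
    """
    if not observed_target:
        return "missing"
    exp, obs = fqdn(expected_target), fqdn(observed_target)
    if obs == exp:
        return "ok"
    zone = fqdn(owner).split(".", 1)[1]  # strip the _acme-challenge label
    if obs == exp.rstrip(".") + "." + zone:
        return "relative"
    return "wrong"


def live_cname(owner: str) -> Optional[str]:
    """Ask the system resolver via dig; returns None when no CNAME exists."""
    out = subprocess.run(["dig", "+short", "CNAME", owner],
                         capture_output=True, text=True, check=False).stdout.strip()
    return out.splitlines()[0] if out else None


if __name__ == "__main__":
    owner, target = expected_cname(REGISTRATION_OUTPUT)
    print(owner, "IN CNAME", target)
    print("live check:", diagnose(owner, target, live_cname(owner)))
```

Run it after saving the record in your control panel; a "relative" result means the panel appended newdomain.com to the target and you need to re-enter it with the trailing dot (or use the panel's absolute-name syntax).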
- Then run certbot (every 3 months) and see the magic happen. Your certificates will be saved in the ./data/letsencrypt/live/newdomain.com directory.
From this point you should not be getting errors. Then you can create your own self-hosted ACME DNS; you have to register again with the new server (but only once) and change your CNAME record (once again).
Server
So you want to self-host your ACME-DNS on myacmedns.com.
# directory structure
/docker/acmedns
Build
We can use the Docker image joohoi/acme-dns or build from his git repository. There were a few bumps installing; one solution is to change the Dockerfile and add a new environment variable before go build.
Let's create a directory: /docker/acmedns. At this point a build folder is created, and then we create a docker-build.sh file. Running ./docker-build.sh now, you find some errors.
Edit /docker/acmedns/build/Dockerfile: change the go build line to include CGO_CFLAGS="-D_LARGEFILE64_SOURCE":
# code here ...
RUN CGO_ENABLED=1 CGO_CFLAGS="-D_LARGEFILE64_SOURCE" go build
# code here ...
The Dockerfile should look similar to this:
Now we can build.
Create docker-compose.yml. Parts that are commented out with # would be handy for advanced things; uncomment them any time.
Running with docker-compose up you might see an error that no config.cfg is available. You can copy config.cfg from the build folder and paste it into ./data/acmedns_config.
Change it to port="80" and tls="none" if your server doesn't have certificates yet. Then register against the server by running: ./acmedns-client.sh register -s http://auth.myacmedns.com
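Added example, not the post's own config.cfg: the two [api] settings the post changes for bootstrapping, written out next to the values I'd switch to once the API has its certificate. The key names follow the config.cfg template shipped with joohoi/acme-dns; the [general] values for myacmedns.com are assumptions matching the example domains of this post, and the [database] section is left as the template has it.

```toml
# Added example, not the post's own file: ./data/acmedns_config/config.cfg
# Key names follow the config.cfg template from joohoi/acme-dns; the values
# for myacmedns.com are assumptions based on the domains used in this post.

[general]
listen = "0.0.0.0:53"
protocol = "both"
# zone acme-dns answers for: every <uuid>.auth.myacmedns.com name
domain = "auth.myacmedns.com"
nsname = "myacmedns.com"
nsadmin = "admin.myacmedns.com"
records = [
    # delegation as the post sets it up: auth -> NS -> myacmedns.com.
    "auth.myacmedns.com. NS myacmedns.com.",
]

[api]
ip = "0.0.0.0"
# Bootstrapping values from the post, used while the API has no certificate.
# With tls = "none", the registration response (username, password, subdomain)
# and every later /update call carrying those credentials travel in plaintext.
port = "80"
tls = "none"
disable_registration = false

# After your client has registered once, switch the API to HTTPS and close
# registration so only accounts that already exist can update TXT records:
# port = "443"
# tls = "letsencrypt"
# disable_registration = true
```

The commented lines are the end state: with tls = "letsencrypt" acme-dns obtains its own API certificate on port 443, and disable_registration = true stops strangers from creating accounts on your server while the existing newdomain.com account keeps working. Restart the container after editing the file.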
Change DNS Settings
For my newly discovered setup that works: your DNS settings need to be able to add NS records. I've tried with A records, but it doesn't work. There can only be one record with auth.
    Name    Type    Value
    @       A       11.22.33.44
    auth    NS      myacmedns.com.
So @ points to your public address (A 11.22.33.44), and auth.myacmedns.com points to NS myacmedns.com.
Let's go back to our client. Going back to your newdomain.com terminal, we need to run some commands again to register and create certificates.
Register once
With your self-hosted server, you can update to the new server path. Follow the instructions and remember the CNAME record, for example:
_acme-challenge.newdomain.com. IN CNAME 7f1449b3-9371-4b6a-a472-6ab79764dae7.auth.myacmedns.com.
Update DNS Settings once
Go to your control panel and update your DNS records.
Get your certificates and see the magic happen
# goto
cd /docker/acmedns-client
# get certificates
./certbot.sh -d newdomain.com -d *.newdomain.com
Does it work for you?
Let me know if this works for you, or give me a thumbs up!