We’ll use the public instance at https://auth.acme-dns.io for testing before we build our own server (which in this write-up lives at https://auth.myacmedns.com).
You can ignore the CAA record for now.
It will prompt like this:
[*] New acme-dns account for domain newdomain.com successfully registered!
Do you want acme-dns-client to monitor the CNAME record change? [Y/n]: n
Domain: 7f1449b3-9371-4b6a-a472-6ab79764dae7.auth.acme-dns.io
To finalize the setup, you need to create a CNAME record pointing from _acme-challenge.newdomain.com
to the newly created acme-dns domain 7f1449b3-9371-4b6a-a472-6ab79764dae7.auth.acme-dns.io
A correctly set up CNAME record should look like the following:
_acme-challenge.newdomain.com. IN CNAME 7f1449b3-9371-4b6a-a472-6ab79764dae7.auth.acme-dns.io.
Go to the DNS settings in the control panel for newdomain.com and add the record:
_acme-challenge.newdomain.com. IN CNAME 7f1449b3-9371-4b6a-a472-6ab79764dae7.auth.acme-dns.io.
In the control panel that is a CNAME record whose host is _acme-challenge and whose target is the acme-dns domain printed by the registration above.
Then run certbot (and again before the certificate expires, roughly every three months, since Let’s Encrypt certificates are valid for 90 days) and watch the magic happen:
Your certificates will be saved in the ./data/letsencrypt/live/newdomain.com directory.
From this point you should not see any errors. You can then create your own self-hosted ACME-DNS server; that means registering once more against the new server and changing your CNAME record one more time (both only once).
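What acme-dns-client does during that registration, and what the certbot hook does at renewal time, is two plain HTTP calls against the acme-dns API. The following is an added example (not acme-dns-client’s or acme-dns’s own code) that walks through both calls against a mock server constructed here so it runs offline; the request and response shapes follow the documented acme-dns API, and it assumes a stock acme-dns with nothing in front of it rewriting paths. The allowfrom CIDR and the domain names are made-up values.

```python
"""acme-dns API round trip: added example, not acme-dns-client's own code.

Under the hood acme-dns-client makes two HTTP calls: POST /register, which
returns credentials plus the fulldomain your CNAME must point to, and
POST /update, which publishes the TXT value certbot asks for. The mock
server below is constructed for this example so it runs offline; the
request and response shapes follow the documented acme-dns API
(assumption: a stock acme-dns, with nothing in front of it rewriting paths).
"""
import hmac
import json
import secrets
import threading
import uuid
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

ACME_DNS_DOMAIN = "auth.acme-dns.io"   # zone the (mock) server is authoritative for
TXT_LEN = 43                           # acme-dns rejects TXT values of any other length


class MockAcmeDns(BaseHTTPRequestHandler):
    """Constructed stand-in for the acme-dns HTTP API."""
    accounts = {}   # username -> {"password": ..., "subdomain": ...}
    txt = {}        # subdomain -> currently published TXT value

    def _json(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def _body(self):
        n = int(self.headers.get("Content-Length", 0))
        return json.loads(self.rfile.read(n) or b"{}")

    def do_POST(self):
        if self.path == "/register":
            sub, user, pw = str(uuid.uuid4()), str(uuid.uuid4()), secrets.token_urlsafe(30)
            self.accounts[user] = {"password": pw, "subdomain": sub}
            self._json(201, {"username": user, "password": pw, "subdomain": sub,
                             "fulldomain": f"{sub}.{ACME_DNS_DOMAIN}",
                             "allowfrom": self._body().get("allowfrom", [])})
        elif self.path == "/update":
            acct = self.accounts.get(self.headers.get("X-Api-User", ""))
            if not acct or not hmac.compare_digest(acct["password"],
                                                   self.headers.get("X-Api-Key", "")):
                return self._json(401, {"error": "forbidden"})
            body = self._body()
            if body.get("subdomain") != acct["subdomain"] or len(body.get("txt", "")) != TXT_LEN:
                return self._json(400, {"error": "bad_txt"})
            self.txt[acct["subdomain"]] = body["txt"]
            self._json(200, body)
        else:
            self._json(404, {"error": "not_found"})

    def log_message(self, *args):   # keep request logging out of the example output
        pass


def start_mock():
    """Serve the mock on a random loopback port; returns its base URL."""
    srv = HTTPServer(("127.0.0.1", 0), MockAcmeDns)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


def api_call(base, path, body, creds=None):
    """POST JSON to acme-dns; returns (status, decoded body) without raising on 4xx."""
    headers = {"Content-Type": "application/json"}
    if creds:   # the API key rides in a header: over http:// it crosses the wire in clear text
        headers["X-Api-User"] = creds["username"]
        headers["X-Api-Key"] = creds["password"]
    req = Request(base + path, data=json.dumps(body).encode(), headers=headers, method="POST")
    try:
        with urlopen(req) as resp:
            return resp.status, json.load(resp)
    except HTTPError as err:
        return err.code, json.load(err)


def register(base, allowfrom=()):
    """POST /register; allowfrom (CIDR list) restricts which source IPs may /update."""
    status, creds = api_call(base, "/register", {"allowfrom": list(allowfrom)})
    if status != 201:
        raise RuntimeError(f"registration failed: {creds}")
    return creds


def cname_record(domain, creds):
    """The zone line acme-dns-client asks you to add for `domain`."""
    return f"_acme-challenge.{domain}. IN CNAME {creds['fulldomain']}."


def publish_txt(base, creds, txt):
    """POST /update with the 43-character challenge value certbot hands to the hook."""
    return api_call(base, "/update", {"subdomain": creds["subdomain"], "txt": txt}, creds)


if __name__ == "__main__":
    base = start_mock()
    creds = register(base, allowfrom=["203.0.113.0/24"])   # constructed CIDR, not a real client range
    print(cname_record("newdomain.com", creds))
    # 32 random bytes base64url-encoded is 43 characters, the same shape as a real key-authorization digest
    print(publish_txt(base, creds, secrets.token_urlsafe(32)))
```

Two things worth noticing: the credentials returned by /register are the only thing protecting the TXT record, and they are sent as plain headers on every /update, which is why registering against a server with tls="none" should be a bootstrap-only step; and allowfrom lets you pin updates to the address of the host that runs certbot, so a leaked key is useless from anywhere else.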
Server
So you want to self-host acme-dns on myacmedns.com.
# directory structure
/docker/acmedns
Build
We can use the Docker image joohoi/acme-dns, or build it ourselves from his git repository.
There were a few bumps building it; one solution is to edit the Dockerfile and add an environment variable in front of go build (the flag works around a compile error in the cgo sqlite3 dependency on recent Alpine/musl toolchains).
Let’s create a directory: /docker/acmedns
At this point the build folder is created; next we create a docker-build.sh file.
Running ./docker-build.sh at this point, you will hit some errors.
Edit /docker/acmedns/build/Dockerfile
and change the go build line to include CGO_CFLAGS="-D_LARGEFILE64_SOURCE":
# code here ...
RUN CGO_ENABLED=1 CGO_CFLAGS="-D_LARGEFILE64_SOURCE" go build
# code here ...
The Dockerfile should then look similar to this:
Now we can build.
Create docker-compose.yml
The parts commented out with # are handy for more advanced setups; uncomment them whenever you need them.
When you run docker-compose up you might see an error that no config.cfg is available.
Copy config.cfg from the build folder into ./data/acmedns_config.
Set port="80" and tls="none" in the [api] section if your server doesn’t have certificates yet, then register against it with: ./acmedns-client.sh register -s http://auth.myacmedns.com. Keep in mind that with tls="none" the registration credentials, and every TXT update made with them later, travel over plain HTTP in clear text, so treat this as a bootstrap step only and switch the API back to TLS once the server has a certificate.
Change DNS Settings
This is the setup I found to work. Your DNS provider must let you add NS records; A records alone don’t work, because auth.myacmedns.com has to be delegated to the acme-dns server, which answers the _acme-challenge TXT queries itself (so the container must also expose port 53, UDP and TCP, on that address).
There should be only one record for the auth name.
@ A 11.22.33.44 (the public address of the host running acme-dns)
auth NS myacmedns.com (delegates auth.myacmedns.com to that host)
Let’s go back to our Client
Back in the terminal on newdomain.com, we need to run the registration and certificate commands once more.
Register once
With your self-hosted server up, register again, this time passing its URL with -s.
Follow the instructions and note the CNAME record, for example:
_acme-challenge.newdomain.com. IN CNAME 7f1449b3-9371-4b6a-a472-6ab79764dae7.auth.myacmedns.com.
Update DNS Settings once
Go to your control panel and update the CNAME record to the new target.
Get your certificates and watch the magic happen
# go to the client directory
cd /docker/acmedns-client
# get certificates
./certbot.sh -d newdomain.com -d *.newdomain.com
Does it work for you?
Let me know if this works for you, or give me a thumbs up!